- Proven experience of working in AppSec within DevOps or DevSecOps groups
- Bachelor’s degree in information technology/computer science/engineering
- 10-15 years of relevant work experience
- Experience in developing processes that produce artifacts that support security and compliance requirements.
- Ability to design and implement secure automation solutions for development, testing, and production environments.
- Experience in supporting multiple agile teams across various platforms, environments, and instances.
- Experience of implementing security best practices and configuration management
- Ability to employ infrastructure-as-code to increase automation, scalability, and reliability.
- Experience in cloud-based containerized environments (Kubernetes, Docker)
- Deep technical experience of securing, monitoring, and maintaining infrastructure for in-house developed applications.
- Expertise in third-party library security scanning, static code scanning, code hygiene, and dynamic code scanning.
- Experience in leading the organization’s application security tooling, problem intake and remediation process.
- Knowledge of container security, AWS EKS, Azure AKS, Helm
- Knowledge of IAM, CloudTrail, GuardDuty, WAF, SDLC practices, and basic scripting skills
- Experience with common programming and scripting languages, such as Golang, Ruby, C/C++, C#, Python, JavaScript, Bash
- Familiar with designing solutions to complex technical issues and working with other technology or cyber security experts, including architects and vendors.
- Resolves any technical problems discovered by DevOps, development, or testers and any internal clients.
- Familiar with cloud offerings including, but not limited to, Alibaba, Amazon Web Services, Azure, and Google Cloud Platform.
- Knowledge of Agile software development principles, Continuous Integration and Deployment (CI/CD), and DevOps
- Knowledge of software vulnerabilities and remediation (OWASP/SANS CWE)
- Experience implementing identity strategies and application integrations including LDAP, Kerberos, SAML, OAuth, OpenID Connect
- Experience in developing secure configurations across Integration APIs, GraphQL, and deployment on API gateways such as Azure APIM GW, Axway/MuleSoft API GW, etc.