DevSecOps Engineer
Divoro
Divoro is a growing MSSP (Managed Security Service Provider) in the Cybersecurity space.
We are seeking a skilled and motivated DevSecOps Engineer to join our dynamic team.
Your responsibilities will be:
➢ Develop and implement security measures throughout the software development lifecycle, including requirements gathering, design, development, testing, and deployment phases.
➢ Integrate security tools and technologies into the CI/CD pipeline to automate security checks, vulnerability scanning, and code analysis.
➢ Collaborate with development teams to identify and remediate security vulnerabilities, implementing secure coding practices and providing guidance on secure application design.
➢ Implement and maintain infrastructure as code (IaC) frameworks, ensuring that security controls and best practices are incorporated into the provisioning and management of cloud resources.
➢ Perform security assessments and penetration testing on applications and infrastructure to identify vulnerabilities and recommend appropriate remediation measures.
➢ Monitor and analyze security events and incidents, responding promptly to security breaches and conducting forensic investigations when necessary.
➢ Develop and enforce security policies, standards, and procedures, ensuring compliance with relevant regulations and industry best practices.
➢ Stay up to date with the latest security threats, vulnerabilities, and industry trends, and provide recommendations on security enhancements and risk mitigation strategies.
➢ Collaborate with cross-functional teams to educate and promote security awareness, conducting training sessions and workshops on secure coding practices and security-related topics.
Requirements:
➢ Excellent verbal and written English skills.
➢ Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
➢ 3+ years of experience in DevOps, Security Engineering background, knowledge, and/or experience.
➢ Strong understanding of software development lifecycles (SDLC) and Agile methodologies.
➢ In-depth knowledge of DevOps practices, tools, and technologies, such as CI/CD pipelines, configuration management, and containerization.
➢ Proficiency in scripting languages (e.g., Python, Bash) and experience with infrastructure automation tools (e.g., Ansible, Puppet, Chef).
➢ Familiarity with cloud platforms (e.g., AWS, Azure, GCP) and experience implementing security controls within cloud environments.
➢ Solid understanding of security principles, industry best practices, and common vulnerabilities (e.g., OWASP Top 10).
➢ Experience with security scanning tools (e.g., SAST, DAST, SCA), vulnerability management systems, and security information and event management (SIEM) solutions.
➢ Knowledge of network and system security protocols (e.g., TLS/SSL, IPsec, firewalls, IDS/IPS).
➢ Excellent problem-solving and analytical skills, with the ability to assess risks, prioritize tasks, and deliver effective security solutions.
➢ Strong communication and collaboration skills, with the ability to work effectively in cross-functional teams.
What we offer:
➢ Great experience in a global cyber security company.
➢ Opportunity to grow with the company in any area you choose.
➢ Direct contract with the American company.
➢ Open-minded, professional team that will be developing & supporting you.
➢ Paid vacation and sick leaves.
➢ Paid Voluntary Time Off and Mental health day.
➢ Paid professional training.
➢ Medical insurance after the integration period.
➢ Flexible, remote work environment😊
Join our Team!