Key information

Engineer - Security & Compliance (m/f/d)

Position: Not specified

Start: As soon as possible

End: 28 Feb. 2025

Location: Köln, Germany

Collaboration type: Short-term collaboration

Hourly rate: Not specified

Last updated: 15 Nov. 2024

Project description and requirements

      
For our client in the energy sector we are looking for a Engineer - Security & Compliance (m/f/d). 

Tasks / service description:

  • Design, implement, and maintain security solutions to ensure the integrity, confidentiality, and availability of systems and data.
  • Integrate security tools like AquaSec and Sonar into the development pipeline for automated security checks and static code analysis.
  • Expose security tools to developers in a self-service manner via the DevOps Portal, enabling teams to independently conduct security assessments.
  • Conduct regular security audits and risk assessments to identify and mitigate vulnerabilities.
  • Create and enforce compliance standards to ensure adherence to industry regulations and internal security policies.
  • Provide ongoing support for developers by answering security-related queries and troubleshooting issues.
  • Collaborate with development teams to implement security best practices throughout the software development lifecycle.
  • Monitor and report on security metrics and compliance performance, recommending improvements.
  • Document frequently performed tasks and best practices for internal and external stakeholders for streamlined operations.

Must-have Skills:
  • Implementing security solutions to ensure the integrity, confidentiality, and availability of systems and data.
  • Experience with Infrastructure-as-Code (IaC) tools like Terraform to automate and manage security configurations.
  • Design and implementation of security measures for hybrid infrastructure environments (cloud and on-premise).
  • Evaluate, select, and implement security tools for both cloud and on-premise environments.
  • Networking skills for securing communications, data flows, and networks (including firewalls, VPNs, and network segmentation).
  • Development and documentation of security processes, including vulnerability management and incident response.
  • Collaboration with Engineering, DevOps, and IT teams to integrate security measures into the development lifecycle.
  • Deep understanding of asymmetric encryption and certificate hierarchies for secure communications and trust establishment.
  • Risk assessment and mitigation for security risks in cloud and on-premise environments.
  • Assistance with audits and security policy reviews to ensure compliance and alignment with best practices.
  • Experience with CI/CD tools like ArgoCD for integrating security into the software deployment pipeline.
  • Experience with container security in Kubernetes and Docker environments.
  • Understanding of critical infrastructure security and the role security plays in maintaining its integrity.
  • Fluent English in both speech and writing.


Nice to have: 
  • German language skills to understand and interpret ISO certificate documents.
  • Familiarity with CI/CD pipeline security and the integration of automated security testing into the pipeline.
  • Experience with logging, monitoring, and alerting tools in cloud environments (e.g., Prometheus, Loki Stack).
  • Familiarity with encryption practices, including data-at-rest, data-in-transit, and key management systems.
  • Familiarity with Software Composition Analysis (SCA) tools and practices for identifying vulnerabilities in open-source dependencies.
  • Proficiency in Static Application Security Testing (SAST) to identify security issues in the source code.
  
General Conditions: 
 Period of employment: 01.12.2024 – 28.02.2025 

Location: Remote
 
If you are interested and have the required skills, we look forward to receiving your CV including hourly rates. Thank you in advance for your time and effort.
   

Category

Continuous Delivery (CDE), Continuous Integration (CI)