DevSecOps Engineer (Job Ref: 1836)

The purpose of DevSecOps Engineer role is to define, test, implement and monitor DevSecOps process of Mondia Group. The engineer will primarily work with DevOps Team to implement and fine-tune the DevSecOps tool set, define the DevSecOps process, automate security assessment and mitigation process, to improve the security posture and system reliability.

This role will own the DevSecOps architecture and artifacts documentation, DevSecOps process documentation including the Standard Operating Procedures, and will ensure the creation, updating, implementation and monitoring of these documents. The role will ensure the tool optimization, updating and maintenance of DevSecOps tools. In addition, the Engineer will provide the technical support for day-to-day security operations, Security incident handling, and security compliance support.

Leading candidates will be able to demonstrate experience in the implementation of end-to-end DevSecOps life cycle.

Additional Responsibilities include:

• Identify, integrate, configure, deploy, monitor, and improve infosec controls.

• Ensure that development process considers the latest design patterns in software security development, and best practice - providing recommendation, with user stories, practical recommendations on approach and automation related to security
• Ensure that capabilities are deployed through a continuous development pipeline with security requirements satisfied at the time of deployment
• Proactively monitor and fix issues in the development life cycle.
• Support the Senior Software/System-Engineers to Integrate, configure, deploy and manage centrally provided common cloud services (e.g. IAM, networking, logging, Operating systems, Containers)
• Ensure compliance with IT Security standards (E.g. Network, Firewall, OS, Logging, Monitoring, Availability, Resiliency) and industry best practices.
• Work with the cloud engineering teams and development teams to create effective CI/CD implementations, helping to configure and maintain them.
• Help with the release management of new software into the production platform.

• Troubleshoot security related issues and assist Incident Management inside the organization.
• Assist with security implementation of customer projects, security audits & questionnaires and ongoing support of security operations
• Assist the implementation of backup, redundancy, disaster recovery controls and monitor their current state of implementation across the company.

Requirements

The ideal candidate has exceptionally high ownership, excellent critical thinking skills and the ability to work with agility in a fast-paced environment. He/she would also be insanely focused on demonstrating excellence in service delivery and problem-solving, breaking down complex information into understandable and actionable items.

Those with experience in the mobile digital entertainment industry would be at a distinct advantage

Other qualifications include:

• BS degree in Engineering or Information Technology related field
• Minimum of 8 years’ work experience in engineering or IT role
• Minimum of 4 years´ experience in Security design/testing.
• Experience of working with Continuous Integration (CI), Continuous Delivery (CD) and continuous testing tools
• Hands-on experience in at least two or more cloud environments; AWS, Azure, GCP
• Good understanding of cloud security architecture, familiarity with third party cloud security technologies.
• Thorough understanding of GitLab or GitHub implementations.
• Experience with common programming and scripting languages, such as Java, Python, Java/Typescripts, PowerShell, Bash, etc.
• Good Experience in security testing – SAST, DAST, IAST, SCA, Penetration Testing, Security configuration reviews.
• Cloud Security Certifications like AZ-500, AWS Certified Security Specialty, Google Professional Cloud Security Engineer are preferred.
• General Security Certifications such as CISSP, CISA, OSCP etc. are considered plus
• Passion for Security & DevSecOps and the goal to drive this along the organization
• Communications skills including the ability to understand client process in any area
• Knowledge of information security standards like ISO 27001, PCI-DSS, ENESA and working knowledge in GDPR and similar legislative environments with respect to information security
• You are fluent in English, while Arabic or German proficiency is advantageous

Benefits

Paid time off