Engineering Manager - DevSecOps

Engineering Manager - DevSecOps

20 Oct
|
Zeta Suite
|
Nadiad

20 Oct

Zeta Suite

Nadiad

Where is this role?

This role is part of the Information Security Team, Engineering division of Zeta. The Cloud Security engineer is responsible for creating the securing and automating the environment, coming up with project roadmap, setting processes in place, creating CI/CD roadmap etc. Guide Developers and DevOps teams about new threats and help harden infrastructure and applications from various attacks as needed. The objective is to make zeta applications and infrastructure secure.

What does the sub-division do?

Responsible for entire security of Zeta’s Tech stack (Cloud & On-prem)

Perform regular VA/PT for Web, Network and Mobile applications

Integrate security testing tools (SAST, DAST) in to CI/CD pipelines







Regular code reviews, involve in application design discussions

Perform Threat Modelling of Web/Mobile applications

Cloud Security Assessment & Automation

Write organizational level Infosec policies, review policies

Educate everyone at Zeta on Infosec best practices like secure coding, secure data handling, secure networking, secure crypto implementation etc.

What are your responsibilities?

Implement cloud security initiatives for entire organization Improve Cloud security posture and Kubernetes security using CI/CD Understand by regular gap assessment, Provide support in detection and mitigation of cyber security vulnerability and incidents for Cloud

Prepare and present reports of Vulnerability Assessment, Automation, Penetration Testing etc.

Oversee the planning and coordination of Cloud security Deploy, Maintain and Support Log Aggregation, Vulnerability and Threat Detection Solutions with associated visualizations so that real-time identification of issues can be performed.







In addition to the above specific responsibilities, as Cloud Security Engineer in Information Security division of Zeta, you will be responsible for:

Hiring decisions, hiring process definition, and continuous improvements. Broad knowledge of security domain with an understanding of cloud & kubernetes vulnerabilities, secure configurations and mitigation mechanisms

Perform review and validation of all deliverables for Cloud Security

Educate DevOps, Devs and Security Team

What are you accountable for?

Continuous improvement of Cloud Security postureI

ntegrating various tools into CI/ CD and automate repetitive tasks

Make sure the environment is compliant to CIS, NIST, PCI etc.







Ensure that Security Standards are being adopted by the Product Team covering both Cloud, On-Prem, SaaS, PaaS and IaaS.

What are you expected to be good at?

To be successful in this role, the following are the areas of expertise classified by their importance:

Critical: Solid understanding of public cloud technologies with hands-on technical knowledge of at least one major public cloud like AWS, Azure etc.

Experience of CI/CD Pipeline implementation and at least one tool (Jenkins, ArgoCD, Bitbucket Pipelines etc)Experience in at least one scripting language (Bash, Python, Java etc)Experience containerization and Kubernetes

Experience of automating and templating security processes and documentation for compliance purposes.

Hands on experience of vulnerability assessments, Penetration Testing,





Web Application Security, data privacy, identify access management etc.

Experience of at least 2 active and passive security tooling (OWASP ZAP, Veracode, Checkmarx, Fiddler etc)Experience on Infrastructure as Code solution (Terraform, Ansible, Chef etc)Advantage: experience with security tools like Prisma, Aqua, Clair, Hashicorp Vault, etc.

High:

Conduct Architecture and Design review to provide guidance and security assurance around best practices and frameworks.

Work closely with the DevOps teams and share security insight

Knowledge of development practices using Java and Nodejs, Docker, Kubernetes and other container orchestration services

Experience with Secure Code Quality Tools, Testing and Techniques - ZAP, Wireshark, Sonarqube,





Metasploit etc.

Understanding of security frameworks, controls and processes - CIS, NIST, PCI/DSS. SOCI/II, etcMedium experience in one or more languages - NodeJS, GoLang, Python, Perl, Ruby, Bash, Javascript, Java etc.

Ability to document risks, security controls and evidence to ensure compliance

Good to have:

Understanding of CI/CD, Jenkins

In-depth understanding of production operations on public cloud infrastructure

AWS VPC, S3 buckets, Load Balancers etc.

Dockers & Containers, Kubernetes

Certifications like AWS Certified Security Specialty, Certified Kubernetes Administrator (CKA), Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK), OSCP, OSEE, OSWE/AWAE, CISSP, SANS GPEN/GXPN etc.







Expected experience and academic background?

8 to 12 years of overall experience as Cloud Security/DevSecOps engineer in medium to large-size product companies.

▶️ Engineering Manager - DevSecOps
🖊️ Zeta Suite
📍 Nadiad

Subscribe to this job alert:
Enter Your E-mail address to receive the latest job offers for: engineering manager - devsecops

Principal Cloud Infrastructure Architect

Principal Cloud Infrastructure Architect

About us: Intuitive.Cloud is one of the fastest-growing (INC 5000, CRN) Cloud & SDx solution and services companies supporting enterprise customers on a global scale. Intuitive is an "Engineering Company" delivering measurable value and key busines [...]
Junagadh
29 Oct
    Junagadh
    29 Oct

Principal Cloud Infrastructure Architect

Principal Cloud Infrastructure Architect

About us: Intuitive.Cloud is one of the fastest-growing (INC 5000, CRN) Cloud & SDx solution and services companies supporting enterprise customers on a global scale. Intuitive is an "Engineering Company" delivering measurable value and key busines [...]
Junagadh
18 Oct
    Junagadh
    18 Oct

Principal Cloud Infrastructure Architect

Principal Cloud Infrastructure Architect

About us: Intuitive.Cloud is one of the fastest-growing (INC 5000, CRN) Cloud & SDx solution and services companies supporting enterprise customers on a global scale. Intuitive is an "Engineering Company" delivering measurable value and key busines [...]
Junagadh
24 Oct
    Junagadh
    24 Oct

Senior Technical Architect

Senior Technical Architect

Insight Global is seeking a Technical Architect to support a multi-national power management client of ours to support digital software, including subscription software, from an IT infrastructure perspective. This is a key role in supporting product [...]
Junagadh
20 Oct
    Junagadh
    20 Oct
Subscribe to this job alert:
Enter Your E-mail address to receive the latest job offers for: engineering manager - devsecops