Our client: 

A member of the global integrated service delivery center network is currently looking for a:

Senior DevSecOps Consultant

Your key responsibilities:

• Performing security architecture reviews of applications in design and production phases
• Identifying security recommendations, potential threats and attacks to applications systems through threat modeling and vulnerability assessment
• Conducting assessments of applications and platforms (web, cloud, mobile) using range of manual and automated source code review techniques
• Integrating application security tools and process in automated pipelines
• Working with clients to analyze, evaluate, and enhance the effectiveness of their application / platform / product security posture at procedural and technological levels from design to deployment
• Resolving and reviewing resolution of security vulnerabilities as needed
• Improving secure coding practices, application security requirements, automation, training and metrics
• Monitoring & Logging and Site Reliability

Rate and form of employment:

•  B2B contract with an external company
• 100% remote work
• Long-term project
• 160-190 PLN/h net

Skills and attributes for success:

• Understanding of or experience in Agile Development Environment
• Problem solving and troubleshooting with eye for details
• Good communication and presentation skills
• Ability to work in both collaborative and independent work environments
• Proven ability to work as DevSecOps on projects
• Excellent command over English (written and spoken)

To qualify for the role, you must have:

• Experience in performing application security vulnerability assessment using either manual penetration testing and source code techniques or automated commercial SAST/DAST/IAST/SCA/OSA tools
• Minimum 2 years of experience working in Agile development, application security, or DevOps role, with experience in the following technologies:
  - Containers (Docker, Kubernetes, etc.)
  - Infrastructure as code (Chef, Terraform, etc.)
  - Continuous integration (Jenkins, etc.)
  - Integration of Security testing tools into pipeline
  - Defect tracking (Jira, Bugzilla, ServiceNow etc.)
  - Source code management (GitLab, GitHub, BitBucket, etc.)
  - Developing enterprise applications or scripts for security testing (security as code)
  - Cloud environment (AWS, Azure, GCP) and various Unix-like distributions

Ideally, you’ll also have:

• Diploma or Degree in Computer Science, Software Engineering or related discipline with 3+ years’ of overall experience
• Good technical knowledge of Microservice oriented solutions, APIs, Azure AD and common Cloud authentication patterns
• Cloud/DevOps Certification (MS Azure/AWS/GCP)