DevSecOps Jobs


1.

Responsibilities:
Strategy and Leadership:
Develop and lead the implementation of the DevSecOps strategy, collaborating with
cross-functional teams.
Provide technical leadership and mentorship to the DevOps team on security best
practices.
Security Architecture:
Design, implement, and maintain secure infrastructure and application
architectures.
Conduct regular security architecture reviews and provide recommendations for
improvements.
Automation and Scripting:
Automate security testing and processes within the CI/CD pipeline.
Develop and maintain scripts and tools for automating security tasks.
Security Testing:
Oversee static and dynamic application security testing (SAST and DAST).
Lead security code reviews and collaborate with development teams to remediate
vulnerabilities.
Incident Response:
Lead and coordinate incident response efforts in the event of security incidents or
breaches.
Develop and maintain incident response plans and playbooks.
Policy and Compliance:
Develop and enforce security policies and procedures.
Ensure compliance with relevant regulations and standards.
Collaboration:
Collaborate closely with development, operations, and security teams to integrate
security into the entire SDLC.
Provide guidance and training to teams on security best practices.
Monitoring and Alerting:
Implement and manage security monitoring and alerting systems.
Respond to and investigate security alerts in collaboration with the incident
response team.

Must-Have Skills:
Extensive experience in DevOps methodologies and practices, with a focus on
integrating security into CI/CD pipelines.
Strong understanding of security principles, best practices, and common
vulnerabilities (e.g., OWASP Top 10).
Hands-on experience with security tools and technologies such as static code
analysis, DAST, container security scanning, and vulnerability management.
Proficiency in scripting and automation using languages such as Python, Bash, or
Ruby.
Experience with cloud platforms such as AWS Cloud Platform and securing cloud-
native applications and infrastructure.
Excellent leadership and team management skills, with the ability to mentor and
motivate team members.
Strong problem-solving and communication skills, with the ability to collaborate
effectively with cross-functional teams.
Ability to stay current with industry trends and emerging security threats.

Good-to-Have Skills:
Experience with infrastructure as code (IaC) using tools such as Terraform,
CloudFormation, or Ansible, and integrating security into IaC pipelines.
Familiarity with security compliance frameworks and standards (e.g., NIST, ISO
27001, SOC 2).
Knowledge of identity and access management (IAM) principles and technologies.
Experience with security incident response and forensics.
Certification in relevant security-related domains (e.g., CISSP, CEH, AWS Certified
Security Specialty).

Could-Have Skills:
Familiarity with DevSecOps tools and frameworks such as OWASP SAMM and DevSecOps
Maturity Model.
Experience with threat modeling and risk assessment methodologies.
Knowledge of container orchestration platforms such as Kubernetes and securing
containerized environments.
Contribution to open-source security projects.
Experience with application security testing and secure coding practices.

Education and Experience:

Bachelor's degree in Computer Science, Engineering, Information Security, or
related field (or equivalent work experience).
8+ years of experience in a DevOps or security engineering role, with at least 3
years focused on security.
Proven track record of successfully leading and managing DevSecOps teams.
Experience working in agile development environments.
Excellent communication skills to convey complex security concepts to technical and
non-technical stakeholders.

2.

Summary of Business Unit/Function: DevSecOps Automation Enablement mission is to
provide standardised value-added services to the Developer experience and cloud
enablement solutions, processes and tools that deliver the highest level of service
to our customers through bold innovation, focused risk management and a
collaborative and open culture of continuous improvement.

Role Summary: DevSecOps architect is a key role within DevSecOps Automation
Enablement team, having responsibilities to facilitate adoption of standard
Development toolset as well as standard architecture patterns for onboarding
applications onto Cloud. The role will have potential involvement throughout project
lifecycle phases – from gathering Requirements to Production deployment, and
interaction with a wide variety of teams to generate and refine developer-focused
resources including cloud architecture patterns, templates for CI/CD pipelines,
application builds, automated testing, code scanning to production deployments.
There will also be involvement in proof-of-concept implementations, pilots and
definition of Principles, Policies and Standards. Provides a framework, functions
(scripts), and templates to ensure consistent and efficient delivery automation of
SDLC and infrastructure lifecycle activities, reducing human intervention, avoiding
redundancy, and enabling development teams to realize the full benefits of standard
tools and processes.

Key Responsibilities and Accountabilities:

Participate in deep-dive analysis and maturity assessment of current DevOps
practices
Identify and define Automation Architecture Principles and how to apply them in
building or re-working the automation framework(s) and artefacts
Support delivery projects from technological and logistical perspective
Develop automation solutions for Cloud (IAC - Terraform), CI/CD pipelines (YAML)
and QE process areas application technologies
Develop design patterns, modules, and libraries to integrate SDLC processes into
the CI/CD pipeline
Provide Technical expertise in resolving automation engineering, coding, and
architecture issues
Interface with Cloud Engineering/Ops, DevTools on all DevSecOps Automation-related
issues
Participate as a major contributor to the selection of automation tools
Participate in tools Proof of Concept (POCs) and provide final analysis and
recommendations
Contribute to creating educational materials and conducting training and mentoring
sessions on DevSecOps-related subjects
Identify industry trends and ensure that these are reflected in the resources
provided to development teams, working with policy and platform owners where
necessary to effect change
Act as an advocate for the development team, working to understand and mitigate
challenges and gaps with regards to all aspects of the intake process

Essential Technical Skills:

Good knowledge of Infrastructure as Code concepts (IAC)
Knowledge of Cloud Technology basics across CSPs – Amazon, Microsoft, and Google
Knowledge and implementation experience of DevOps, CI/CD, DevSecOps concepts
Good level of understanding of Architecture principles, design methodologies and
their applicability
Ability to work in an Enterprise organization and be able to communicate with
senior members of Dev, Infrastructure, and Architecture teams as needed.
Hands-on experience of the following:
- Creating and deploying CI/CD pipelines (GitLab / Jenkins / Nexus)
- Configuring and running Code/Binary scans using solutions like SonarQube,
Veracode, etc.
- Configuring and using Secrets management tools like Vault and Cloud native
solutions
- Broad knowledge of SDLC Tools, specifically Build, Test and Deploy Automation
tools, e.g., Maven, Gradle, Selenium, Ansible, etc.
- Good understanding of Docker
- Proficiency in at least one of the standard programming languages –
Java/JavaScript, C#, Python, or similar Object-oriented programming
Good understanding of Test Automation implementation across at least one of the
platforms – Web, Desktop, Cloud, Mobile, etc.

Essential Experience:

5+ years of experience in Programming (see preferred languages above)
5+ years of experience in DevOps Automation across various Technologies
5+ years of experience in working at an Enterprise organisation implementing large
scale, niche, end-to-end, advanced technology solutions
5+ years of hands-on experience across Cloud Services, SDLC Tools, specifically
CI/CD tools – Open-Source or Commercial.

Qualifications:

BA/BS in IT or Business-related technology field or equivalent work experience.

Training:

Preferred - All relevant Programming and Automation Training

Other requirements:

Strong collaboration and communication skills are a must
Experience in the Finance industry or knowledge of Financial products is a huge
plus

3.

Client is looking for a DevSecOps Engineer to join our Consumer Information
Services Data Technology team. You’ll be responsible for providing system and
application support both on-prem and in AWS environments.

Responsibilities

Provide DevSecOps support across Test, Staging, Production on-prem and in cloud
environments
Operations support across multiple products on-prem and in cloud
AWS resource provisioning, management, architecture with a focus on cost and
optimization
Build and maintain automation pipelines supporting Continuous Delivery using
Ansible, Jenkins and Docker
Key support on migration projects of on-prem to AWS
Build Splunk and Dynatrace Dashboards and alerts, integrated with X-Matters oncall,
ServiceNow and Slack
Lead projects & initiatives to completion to improve and streamline operational
processes and maximize resources
Interface with other teams to resolve complex issues that have implications beyond
your own area
Assess infrastructure and application vulnerabilities and take remediation actions
as appropriate.

Qualifications

Experience in AWS including EMR, EC2, Terraform, Lambda, S3, Cloudwatch, VPC
Experience in setup of Openshift Containerization Platform and Kubernetes cluster
across the cloud platforms.
DevSecOps tools such as Ansible, Splunk, Dynatrace, Kubernetes, Confluence, Jenkins
High scalability projects involving on-prem and cloud-based
Experience with scripting languages Perl, Python, Powershell, Bash
Previous experience testing across multiple platforms (API, web.)
Direct hands-on experience with ad hoc query programs (MySQL required, DB2 a plus),
automated testing tools, and reporting software.
Knowledge and experience in Agile framework using Jira
Experience with LDAP and Active Directory
Experienced with some ancillary technologies necessary for Internet applications:
HTTP, TCP/IP, POP/SMTP, etc.
Automation testing using Selenium WebDriver or Robot Framework
Self-starter with a great deal of ownership and initiative supporting operations
Network and storage knowledge a plus
Strong communication skills when responding to internal and external partners

4.

We are seeking a talented and experienced Principal DevSecOps Engineer to join our
dynamic team and play a pivotal role in enhancing our software development and
deployment processes while ensuring the highest level of security.

Key Responsibilities:

DevOps Integration: Collaborate with software development and IT operations teams
to integrate security into the DevOps pipeline, automating security controls, and
promoting a culture of security awareness.
Security Automation: Develop and maintain automation scripts and tools for security
testing, scanning, and monitoring of applications, infrastructure, and code
repositories.
Continuous Monitoring: Implement continuous monitoring solutions to detect and
respond to security threats and vulnerabilities in real-time.
Security Testing: Conduct regular security testing, including static analysis,
dynamic analysis, and penetration testing, to identify and remediate
vulnerabilities.
Incident Response: Assist in developing and maintaining incident response plans,
and actively participate in security incident response activities when necessary.
Compliance: Ensure compliance with industry standards and regulations (e.g., GDPR,
HIPAA, ISO 27001) by implementing necessary security controls and conducting
audits.
Security Education: Provide training and guidance to development and operations
teams on security best practices and tools.
Toolchain Management: Evaluate, select, and maintain security tools and
technologies that enhance the security posture of the organization.
Threat modelling of Poppulo product environment

Requirements:

10+ years experience in software development or DevSecOps role
Bachelor’s degree in Computer Science, Information Security, or related field (or
equivalent work experience).
Proficiency in scripting and programming languages (e.g., Python, Ruby, Bash).
Familiarity with containerization and orchestration technologies (e.g., Docker,
Kubernetes).
Proven experience in DevSecOps, including experience in automating security
practices within a DevOps environment.
Proficiency in DevOps practices, toolchain and processes – source code, build
pipeline, deployment, observability, AWS
Strong knowledge of security tools and technologies, such as vulnerability
scanners, WAFs, SIEM, and IDS/IPS.
Experience with cloud security best practices, preferably AWS, Azure, or GCP.
Understanding of security exposure during product development and deployment –
scanning, prioritizing and validating fixes.
Knowledge of relevant tools - Snyk, Crowdstrike, SonarQube or similar
Ability to communicate and collaborate with development teams, DevOps team and
security teams
Experience with Security Audits, Incident Response, Threat Modelling, Monitoring
and Analysis

Nice to Have:

Relevant security certifications (e.g., CISSP, Certified Ethical Hacker, CompTIA
Security+) are a plus

5.

Job Description

As a DevSecOps Manager, you will be tasked with focusing on end-to-end security,
handling operational aspects to alleviate the workload on developers, thereby
increasing productivity. You will serve as the first level of triage interface with
our PD partners.

Your role will involve leveraging and integrating Gen AI technologies to execute
these functions. You will have the opportunity to significantly enhance our
operations, automate repetitive tasks, execute tests, and provide valuable insights
through data analysis.

Additionally, you will oversee the infrastructure and operational aspects of our
production environment. This role requires a proactive approach to identifying and
mitigating security risks and a strong focus on customer service.

Essential Functions:

Act as the first level of triage interface for primary Shiftleft product between
Cybersecurity and TLT's across Visa
Manage operational aspects to increase productivity and reduce developer load.
Leverage Gen AI technologies for task execution and data analysis.
Ensure end-to-end security across all operations.
Automate repetitive tasks and test execution.
Design and Orchestrate CI/CD execution
Oversee the infrastructure and operational aspects of the production environment.
Lead and manage a team of DevSecOps professionals.
Take responsibility of DevSecOps for additional product: CDAST

This is a hybrid position. Hybrid employees can alternate time between both remote
and office. Employees in hybrid roles are expected to work from the office 2-3 set
days a week (determined by leadership/site), with a general guidepost of being in
the office 50% or more of the time based on business needs.

Qualifications

Basic Qualifications:

5+ years of relevant work experience with a Bachelor’s Degree or at least 2 years
of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 0 years
of work experience with a PhD, OR 8+ years of relevant work experience.

Preferred Qualifications:

6 or more years of work experience with a Bachelor’s Degree or 4 or more years of
relevant experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or up to 3
years of relevant experience with a PhD.
Leadership: Ability to guide, motivate, and manage a team of DevSecOps
professionals.
Technical Expertise: Deep understanding of DevSecOps tools and practices,
including CI/CD, containerization, orchestration, and cloud platforms.
Security Knowledge: Proficiency in security principles, threat modelling,
vulnerability assessments, and secure coding practices.
Strong test automation design and architecture knowledge, both UI and API.
Able to engage with customers for first level of product triage.
Bonus: GenAI ability to learn, design and implement Test/CI/CD automation with
Copilot / ChatGPT.

6.

Security Automation: Develop and maintain automated security tools and processes to
identify vulnerabilities, perform code analysis, and conduct security testing. This
includes integrating security scanners, static code analysis tools, and
vulnerability assessment tools into the CI/CD pipeline.

Secure Infrastructure: Work with infrastructure and operations teams to design and
implement secure cloud infrastructure, network architecture, and deployment
processes. This involves ensuring proper access controls, encryption, and
monitoring are in place.

Continuous Monitoring: Implement security monitoring tools and processes to
proactively identify and respond to security events and anomalies. This includes
log analysis, intrusion detection, and system monitoring.

Secure Coding Practices: Promote and enforce secure coding practices within the
development teams. Provide guidance on secure coding techniques, code reviews, and
security testing methodologies.

Collaboration and Communication: Foster collaboration and communication between
development, operations, and security teams. Act as a liaison to ensure that
security requirements are understood and integrated into the development process.

Compliance and Auditing: Assist in compliance assessments and audits to ensure
adherence to regulatory requirements and industry standards. Collaborate with
auditors and provide necessary documentation and evidence of security controls.

Desired Skills And Experience

3+ years of relevant DevOps, SecOps, DevSec work experience in Production
environments
Software Development: Basic programming skills and experience with software
development practices are crucial. Understanding languages like JavaScript,
TypeScript, Python and concepts such as version control (e.g., Git), continuous
integration/continuous delivery (CI/CD) pipelines
Security Knowledge: Familiarity with security principles, standards, and best
practices is essential. This includes knowledge of common security vulnerabilities
(e.g., OWASP Top 10), secure coding practices, encryption, authentication, access
control, and security testing methodologies.
DevOps Practices: Proficiency in DevOps methodologies and tools is important. This
involves understanding CI/CD pipelines, infrastructure automation (e.g., using
tools like Docker, Kubernetes), configuration management, and
monitoring/observability practices.
Risk Assessment and Mitigation: The ability to assess risks and apply appropriate
security controls is crucial. Understanding threat modeling, risk assessment
techniques, vulnerability management, and incident response planning can help
identify and mitigate security risks effectively.
Collaboration and Communication: DevSecOps requires effective collaboration and
communication skills. You should be able to work closely with cross-functional
teams, including developers, security professionals, and operations personnel, to
promote security practices and integrate security seamlessly into the development
process.
Automation and Tooling: Proficiency in automation tools and technologies is
beneficial. Knowledge of tools like security scanners (e.g., SAST, DAST),
vulnerability management systems, log analysis tools, and security-focused
frameworks can help automate security processes and improve efficiency.
Security Certifications: Obtaining relevant security certifications, such as
Certified Secure Software Lifecycle Professional (CSSLP), Certified Ethical Hacker
(CEH), or Certified Information Systems Security Professional (CISSP), can enhance
your credibility and demonstrate your commitment to security practices

a) Monitor the core cloud infrastructure used by all of Synapse's engineering
teams. Lead the design of a secure cloud architecture in AWS implementing
preventative security measures (detection, monitoring, exploitation) utilizing new
and existing tools. Collaborate with Pen tester.
b) Responsible for defining the security strategy and integrating regulatory
compliance requirements (e.g., PCI DSS, SOC2, GLBA, FFIEC, etc.) into the
organizational security roadmap.
c) Analyze threats, provide technical security planning, implementation,
configuration, support and troubleshooting services on all security technologies.
Manage cloud, network, data, and endpoint protections working closely with other
engineers using the AWS ecosystem. (Centralized change management, alert
management, EKS Cilium policy management.)

Below are the tools mentioned in each of the provided summaries:

1. **Summary 1:**
- Automation and Scripting: Python, Bash
- Security Testing: SAST, DAST
- Incident Response: Incident response plans, playbooks
- Policy and Compliance: Security policies, procedures
- Monitoring and Alerting: Security monitoring and alerting systems

2. **Summary 2:**
- Infrastructure as Code (IaC): Terraform
- CI/CD pipelines: GitLab, Jenkins, Nexus
- Code/Binary scans: SonarQube, Veracode
- Secrets management: Vault
- SDLC Tools: Maven, Gradle, Selenium, Ansible
- Containerization: Docker
- Test Automation: Selenium WebDriver, Robot Framework

3. **Summary 3:**
- AWS Services: EMR, EC2, Lambda, S3, Cloudwatch, VPC
- Containerization: Openshift, Kubernetes
- DevSecOps Tools: Ansible, Splunk, Dynatrace, Confluence, Jenkins
- Automation: Perl, Python, Powershell, Bash
- Testing: Selenium WebDriver, Robot Framework

4. **Summary 4:**
- CI/CD: GitLab, Jenkins
- Security Tools: Snyk, Crowdstrike, SonarQube
- AWS: AWS Cloud Platform
- Development Tools: AWS, CI/CD tools
- Automation: Python, Ruby, Bash
- Relevant security certifications (e.g., CISSP, Certified Ethical Hacker,
CompTIA Security+).

5. **Summary 5:**
- Gen AI Technologies
- CI/CD: GitLab, Jenkins
- Automation: Copilot / Chat GPT

6. **Summary 6:**
- Automation: Security scanners, static code analysis tools, vulnerability
assessment tools
- Infrastructure: Docker, Kubernetes
- Monitoring: Log analysis tools, intrusion detection, system monitoring
- Security Certifications: Certified Secure Software Lifecycle Professional
(CSSLP), Certified Ethical Hacker (CEH), Certified Information Systems Security
Professional (CISSP).
These tools are utilized for various purposes such as automation, testing,
infrastructure management, security monitoring, compliance, and incident response,
aligning with the responsibilities and requirements outlined in each summary.
