SmartRecruiting is looking on behalf of its client, an experienced DevSecOps Specialist.
Location: Prague
Business hours: Usually 09.00-17.00 -Monday to Friday, but we offer flexibility.
Project: the candidate will join an important European project, in which one their will have the opportunity to work with international and highly qualified teams.
The ideal candidate should have:
- European Nationality, Citizenship or Work Permit for the UE.
- C1 level of English.
Requirements:
- Experience working with Developers, DevOps, and Engineering teams in a dynamic environment to promote/implement the DevSecOps program throughout the organization.
- Experience coordinating and performing vulnerability assessments through the use of automated and manual tools (Clair, Sonarqube, etc.).
- Ability to review and analyze vulnerability data application’s and determine any reported vulnerabilities that are false positives.
- Capability to prepare security vulnerability reports for management.
- Coordination and remediation of vulnerabilities within established timeframes.
- Knowledge in Python, Bash and/or other programming and scripting languages.
- Familiarity with Information Security frameworks/standards (i.e. CIS, NIST, RFC2196, etc.).
- Experience configuring, implementing and leveraging computer security.
- Ability to work with APIs and Plugins to integrate security tools into established CI/CD pipelines.
- DevOps Automation: GitHub/Gitlab
- Knowledge of Kubernetes, Docker, container orchestration platforms (OpenShift, Rancher), container image registers (i.e. docker hub, harbor)
- Knowledge of Secret Scanning, Secure code analysis, Dynamic Application Security Testing, Static Application Security Testing tools, Container Scanning.
Nice to have:
- Comprehension in the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc.
- Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc.).
- DevOps Automation: Azure DevOps, Jenkins (any), Helm charts.
- Experience with Microsoft Azure.