Principal Software Engineer – DevSecOps

AWS Security and IAM:

• Extensive experience in managing AWS IAM roles, policies, and permissions, ensuring adherence to the principle of least privilege.

• Proficiency in utilizing AWS security services such as AWS Config, CloudTrail, GuardDuty, and Security Hub for continuous monitoring and compliance.

• Hands-on experience with AWS Key Management Service (KMS) for encryption key management and data protection.

Azure Security and Identity Management:

• Solid understanding of Azure Active Directory (AAD) for identity and access management across Azure resources.

• Experience with Azure Role-Based Access Control (RBAC) to manage permissions and access to Azure services.

• Familiarity with Azure Security Center and Azure Policy for assessing and improving the security posture of Azure environments.LinkedIn+3careers-buspatrol.icims.com+3SmartRecruiters+3

Infrastructure as Code (IaC) and Automation:

• Proficient in developing and maintaining infrastructure using IaC tools such as Terraform, AWS CloudFormation, and Azure Resource Manager (ARM) templates.

• Experience in automating security configurations and compliance checks across AWS and Azure environments.

• Skilled in implementing and managing secrets management solutions like AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault.

CI/CD Pipeline Security Integration:

• Expertise in integrating security controls and checks into CI/CD pipelines using tools like Jenkins, GitLab CI/CD, Azure DevOps, or AWS CodePipeline.

• Experience in automating static and dynamic code analysis (SAST/DAST) to identify and remediate vulnerabilities early in the development lifecycle.

• Familiarity with containerization and orchestration tools like Docker and Kubernetes, including implementing security best practices.

Monitoring and Incident Response:

• Proficient in setting up and maintaining monitoring and alerting systems using AWS CloudWatch, Azure Monitor, and third-party SIEM tools.

• Experience in developing incident response plans and conducting regular drills to ensure preparedness for security events.

• Skilled in conducting root cause analysis and implementing corrective actions to prevent future incidents.

Compliance and Governance:

• Thorough understanding of industry standards and frameworks such as ISO 27001, SOC 2, PCI DSS, and HIPAA.

• Experience in maintaining documentation for security policies, procedures, and compliance audits.

• Stay updated on emerging security threats and cloud security features to proactively address potential risks.

Vulnerability Management:

• Hands-on experience with vulnerability assessment tools like Snyk, TruffleHog, and CrowdStrike CSPM to identify and remediate security issues.

• Ability to prioritize and track remediation efforts to ensure timely resolution of vulnerabilities.

Collaboration and Training:

• Proven ability to work closely with development, operations, and security teams to promote a culture of security and shared responsibility.

• Experience in providing training and guidance on secure coding practices, cloud security, and DevSecOps methodologies.

Application Security:

• In-depth knowledge of secure coding practices, including familiarity with OWASP Top 10 and CWE guidelines.

• Experience integrating security into the Software Development Life Cycle (SDLC).

Threat Modeling:

• Proficiency in threat modeling methodologies such as STRIDE and DREAD.

• Ability to identify attack surfaces and develop mitigation strategies.

Cloud Security:

• Expertise in AWS and Azure security best practices, including IAM, KMS, GuardDuty, and Security Center.

• Understanding of encryption mechanisms for data at rest and in transit.

• Experience in hardening cloud resources to prevent unauthorized access.

Infrastructure and CI/CD Security:

• Knowledge of securing Infrastructure as Code (IaC) using tools like Terraform and CloudFormation.

• Experience with secrets management and integrating security scans (SAST, SCA, DAST) into CI/CD pipelines.

Vulnerability Management:

• Proficiency in using tools like Snyk, TruffleHog, and CrowdStrike CSPM for vulnerability assessment.

• Ability to prioritize vulnerabilities based on risk and impact.

Authentication and Authorization Security:

• Understanding of OAuth 2.0, OpenID Connect, and Single Sign-On (SSO) principles.

• Experience in implementing secure authentication and authorization mechanisms.

Container and Kubernetes Security:

• Knowledge of container security best practices, including image scanning and hardening.

• Experience with Kubernetes security features like RBAC and network policies.

Cryptography Fundamentals:

• Familiarity with TLS/SSL protocols, encryption standards, and key management practices.

Security Standards and Compliance:

• Awareness of frameworks such as NIST, ISO 27001, SOC 2, and PCI DSS.

• Experience in aligning security practices with compliance requirements.

DevSecOps Tooling:

• Proficiency in using CI/CD tools like GitHub, GitLab, and Bitbucket, and integrating security automation into workflows.