Devops Security
Dubai, United Arab Emirates
Job Description
Position title
Devops Security
Description
Organization Unit Purpose: The unit\xe2\x80\x99s primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber/ information security principles/patterns/controls into all products and platforms. Conduct security assessments, gap analysis, provide remediation to the relevant squads / stakeholders.
Responsibilities
Primary/General Job Purpose:
- Encourage \xe2\x80\x98Shift Left\xe2\x80\x99 Mindset - Proactively embed security requirements, by influencing implementation of security & privacy patterns from the start of the development cycle
- Implement via Influence - Influence stakeholders such as Product Owners, Solution Architects, Developers, Testers, Engineers & others to include security patterns into features, epics and stories in order to build secure, innovative & superior digital products for customers and employees
- Assessments \xe2\x80\x93 Act as a DecSecOps engineer to Perform security assessment, gap analysis to provide appropriate remediations to the teams for implementing the
- Key Skills \xe2\x80\x93Container Security, Machine Learning and Analytics Security Review, Security Code review, API security, Platform security for open-source technologies for Platform as a Service technologies, Python / R knowledge.
Qualifications
Security Assessment Skillset:
- Machine Learning security assessment skillsets \xe2\x80\x93 Code review for Python based code and sound knowledge on Machine learning and AI using python.
- Good understanding of Keras, Tensorflow and other AI related frameworks.
- Excellent knowledge of embedding security into CI/CD pipelines using Jenkins, Argo CD.
- Excellent with docker / K8s based containers.
- Should have minimum experience of 2 years in managing security for Onpremises Kubernetes cluster. Knowledge on Cloud K8S clusters would be an added advantage.
- Good with Security assessment for big data platform \xe2\x80\x93 Cloudera platform.
- Should have hands-on experience in security review of queue management systems such as Kafka.
- Mandatory certifications required \xe2\x80\x93 CKA (Certified Kubernetes Administrator) and CKS (Certified Kubernetes Security Specialist).
- Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective
- Holistic thinking; must balance security and functionality using practical demonstrable examples.
- Must also contribute to and implement \xe2\x80\x9cgood architecture principles\xe2\x80\x9d to lower technical debt.
- Assertive personality; should be able to hold her/his own in a project board or work group setting.
- Superlative written and verbal communication skills; should be able to explain technical observations in an easy-to-understand manner.
- Ability to work under pressure and meet tough/challenging deadlines.
- Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs, Risk & Audit) of why a certain observation is a concern or not.
- Strong understanding of Risk Management Framework and security controls implementation from an implementer standpoint.
- Has strong decision making, planning and time management skills.
- Can work independently.
- Has a positive and constructive attitude.
- Experience : 3-8 years
Education
- Bachelor\xe2\x80\x99s degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar.
- General Information Security: CISSP, OSCP, CEH, CISM/CISA or similar
- General Cloud Security: CCSK /CCSP or similar
- Kubernetes Security: CKA / CKS
- Specific Cloud Security: AWS/Azure/GCP/Oracle Solution/Security or similar
- Network Security: CCNA, CCNP, CCIE
- Must have minimum 4 years of experience in an information security function with good background in information technology, stakeholder management and people management.
- Minimum 3 years of experience, as a Security Engineer especially in Cloud Native environments.
- Deep foundational knowledge of Containerized environment and CI/CD pipeline.
- Expert at the technology and frameworks in his/her area of expertise, and coach other architect on development standards and best practices.
- Good understanding of Microservice based architecture (Technical).
- Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection and end-point protection/detection & API /Micro services Security.
- Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST/SAST tools and building Evil Stories (Technical).
- The Analyst / Engineer has the skill to follow design principles and applies design patterns to enforce maintainable and reusable patterns, in the form of code or otherwise.
- The Analyst / Engineer can understand and interpret potential issues found in source or compiled code.
- The Analyst / Engineer has automation skills/capability in the form of scripting or similar.
- The Analyst / Engineer can attack application and infrastructure assets, interpret threats, and suggest mitigating measures.
- Ability to interpret Security Requirements mandated by oversight functions and ensure comprehensive coverage of those requirements, via documentation, within high level design and/or during agile ceremonies, via Evil Stories.
- The Analyst / Engineer can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance.
- The Analyst / Engineer has the skill to discuss and present solutions to other architecture, security, development, and leadership teams.
- The Analyst / Engineer can interpret and understand vulnerability assessment reports and calculate inherent and/or residual risks based on the assessment of such reports.
- Ability to articulate and be a persuasive leader who can serve as an effective member of the senior management team. Good negotiation skills will be desirable.
- Must have good judgment skills to decide on an exception approval.
- Ability to enforce improvements when necessary, using Influence rather than Policing measures.
- Superior written and verbal communication skills to effectively communicate security threats and recommendations to technical or non-technical stakeholders.
- Knowledge of application of Agile methodologies/principles such as Scrum or Kanban.
- Influencer/Security Evangelist for the Team/Squad
- Positive & Constructive Attitude
- Autonomous worker / Decision Maker
- Good listener
- Patient & Calm during stressful situations
- High energy individual / Motivator
- Win-Win Attitude
- Hacker/Defense-In-Depth mindset
- Analytical thinking
- Team Player/Interpersonal Skills
- Eye for detail
- Persistent & Persuasive
- Organized / Structured
- Deadline oriented
- Competent and committed
- People\xe2\x80\x99s Person; understands stakeholder management
- Empathetic
- Passionate about architecting smart solutions
- Innovator/Out of the box thinker
- Collaborative Leadership style
- Confident Presenter
- Age \xe2\x80\x93 No bar
- Nationality \xe2\x80\x93 No bar
- Gender \xe2\x80\x93 No bar
Hiring organization
Employment Type
Full-time
Job Location
Dubai UAE
Date posted
Dec 14, 2023
Valid through
Jan 14, 2024
More jobs on https://www.qureos.com/
More jobs on https://www.qureos.com/
Beware of fraud agents! do not pay money to get a job
MNCJobsGulf.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.
Related Jobs
Job Detail
-
Job IdJD1622776
-
IndustryNot mentioned
-
Total Positions1
-
Job Type:Full Time
-
Salary:Not mentioned
-
Employment StatusPermanent
-
Job LocationDubai, United Arab Emirates
-
EducationNot mentioned