职位&公司对比

职位详情

• 南京
• 5-10年
• 本科

• Devops

Job Summary We are seeking a passionate and experienced DevSecOps Engineer to play a crucial role in embedding security throughout our software development lifecycle (SDLC). You will be responsible for integrating security practices into our DevOps processes, ensuring the delivery of secure and compliant applications. The DevSecOps Engineer plays a crucial role in bridging the gap between development, se来自BOSS直聘curity, and operations teams to ensure the seamless integration of security practices throughout the software development lifecycle. This position focuses on implementing and maintaining security measures in all stages of the development process to safeguard organizational assets and data. Competence • Deep understanding of security principles, practices, and tools. • Develop, implement, and regularly update security policies to ensure alignment with industry standard and regulatory requirements. • Strong knowledge of DevOps methodologies and tools, particularly CI/CD pipelines. • Expertise in infrastructure as code (IaC) tools like Terraform or Ansible. • Experience with cloud platforms (AWS, Azure, GCP, Huawei Cloud, Tencent Cloud and AliCloud) and containerization technologies (Docker, Kubernetes). • Experience with Active Directory Scripting and Automation tools. • Excellent scripting and automation skills (Python, Bash, PowerShell). • Strong problem-solving and analytical abilities. • Excellent communication and collaboration skills. Essential Duties and Responsibilities 1. Security Integration: Collaborate with development and operations teams to integrate security measures into the DevOps pipeline, ensuring security is a fundamentkanzhunal part of the development process. Troubleshoot and resolve AD-related issuesboss, that may impact user authentication, access or system performance. 2. Automation: Develop and maintain automated security processes, including vulnerability scanning, code analysis, and compliance checks, to enhance the speed and efficiency of software development while maintaining a high security posture. Skill in PowerShell and other scripting languages are valuable for automating repetitive tasks and managing AD environments effectively. 3. Risk Assessment: Conduct regular risk assessments and security audits to identify and address vulnerabilities in applications, infrastructure, and processes. 4. Incident Response: Play a key role in incident response activities, including analysis, containment, eradication, and recovery from security incidents. Work closely with incident response teams to improve overall incident handling processes. 5. Continuous Monitoring: Implement and manage continuous monitoring solutions to detect and respond to security events in real-time, ensuring proactive identification and resolution of potential threats. 6. Security Training: Provide guidance and training to development and operations teams on secure coding practices, security best practices, and emerging threats. 7. Compliance: Ensure that systems and applications comply with relevant security standards, regulations, and industry best practices. Stay updated on changes in compliance requirements and implement necessary adjustments. 8. Tooling and Technology: Evaluate, implement, and manage security tools and technologies that enhance the organization's security posture, such as intrusion detection systems, fikanzhunrewall configurations, and encryption protocols. Candidate Requirements • Bachelor's degree in Computer Science, Information Security, or a related field. • 3+ years of experience in a DevOps or security engineering role. • Hands-on experience with security tools and technologies (e.g., SAST, DAST, WAFs, IDS/IPS). • Experience with scripting languages and automation frameworks. • Strong understanding of cloud security best practices. • Proven track record of DevSecOps achievements • Excellent communication and interpersonal skills. • Passion for security and a desire to stay ahead of the curve. Additional Considerations • Experience with a specific programming language (e.g., Java, Python, Go). • Certification in security (e.g., CISSP, CEH, OSCP). • Experience working in a regulated industry (e.g., finance, healthcare).