Roles & responsibilities:
● Collaborate with development teams to integrate security testing and controls into CI/CD pipelines
● Implement security as code practices to automate security checks and enforce policies
● Conduct security assessments and penetration testing to identify vulnerabilities early in the development process
● Provide guidance and training to developers on secure coding practices and common security pitfalls
● Develop and maintain security standards, guidelines, and controls for cloud infrastructure, particularly on AWS
● Monitor cloud environments for security incidents and anomalies, and respond accordingly
● Stay up-to-date with the latest cloud security best practices, threats, and compliance requirements

OKR:
● Automate 80% of security checks within CI/CD pipelines using “security as code” practices.
● Maintain 100% compliance with internal security standards and external frameworks
● Reduce the average time to detect, respond to, and resolve security incidents
● Achieve integration of security practices in 90% of development projects.

Requirements:
● 3+ years of experience in cybersecurity, with a focus on DevSecOps and cloud security
● Strong understanding of application security concepts and secure coding practices
● Proficiency in implementing security controls and testing in CI/CD pipelines using tools like Snyk, SonarQube or other shift-left products
● Experience with cloud security controls and best practices, particularly on AWS
● Knowledge of common cloud security threats, such as misconfigured S3 buckets, exposed credentials, and DDoS attacks
● Familiarity with cloud security frameworks like the AWS Well-Architected Framework and CIS Benchmarks
● Excellent communication and collaboration skills to work effectively with development teams

Preferred Skills and Qualifications:
● Certifications such as AWS Certified Security - Specialty, SSCP, CSSLP.
● Experience with Infrastructure as Code (IaC) tools like Terraform and CloudFormation
● Knowledge of cloud security monitoring and incident response best practices
● Familiarity with compliance frameworks like HIPAA, PCI-DSS, and GDPR
● Exposure to the FinTech industry.