Datafin was established in 1999 due to the need for a specialized IT recruitment solution. We offer a personalized and flexible recruitment service, specializing in providing both client and candidate with the perfect fit. We pride ourselves on the fact that we have established relationships with industry leaders as well as access to some of the most skilled and sought after candidates in the industry. Our database of over 25 000 candidates, cutting edge internal IT systems and extensive PPC marketing has ensured that we at the top of our game and one of SA’s leading recruitment agencies.
Job Title: DevSecOps Engineer
Location: Cape Town
Salary: Market Related
Job Type: Permanent
Sectors: IT
Reference: 24533
Vacancy Details
ENVIRONMENT:
A Digital Innovation, Development and Execution Partner is looking for a talented DevOps Engineer. In this role you will be thrust into the heart of their containerized web and mobile application environment, predominantly hosted via Kubernetes in AWS. Your primary task will be to fortify their CI/CD pipelines, ensuring every line of code undergoes rigorous quality and security checks before seamlessly integrating into the company’s systems.
DUTIES:
- Integration of Security Tools & Practices: Implement and maintain security tools within the CI/CD pipeline ensuring timely detection and correction of vulnerabilities.
- Automated Security Testing: Set up and manage tools that perform automated security testing of applications and infrastructure, such as SAST, DAST, IAST, and RASP.
- Cloud Security: Ensure the secure configuration and deployment of cloud resources.
- Provide expertise on cloud-native security solutions.
- Container Security: Secure containerized applications throughout their lifecycle, from build to deployment.
- Security Awareness & Training: Collaborate with development teams to enhance their security knowledge and integrate security practices into their workflows.
- Incident Response: Collaborate with the security team on incident response plans and participate in incident handling when needed.
- Security Metrics & Reporting: Monitor and report on security metrics, providing insights and recommendations.
- Vulnerability Management: Work on patch management processes and engage in the timely resolution of identified vulnerabilities.
- Continuous Improvement: Stay updated on new security technologies, threats, and best practices. Recommend and implement improvements to enhance security without compromising the velocity of development.
- ISO27001 Stewardship: Oversee the adherence to ISO27001 standards within the realms of development and security. This role does not extend to operational oversight but ensures development and security practices are in line with the certification’s standards.
REQUIREMENTS:
- Background & Experience: Originating from an open-source operating system background, candidates should possess a minimum of 5 years in IT, with 3 years focused on DevSecOps roles.
- Cloud Expertise: Demonstrated experience working in cloud environments, with a deep understanding of cloud architectures, services, and best practices.
- Penetration Testing & Security Analysis: Proficiency in conducting penetration tests and thorough security analyses to identify vulnerabilities and suggest remediation measures.
- Programming Skills: Strong coding capabilities, with experience in languages such as Python, Go, Java, JavaScript, and TypeScript, to develop and integrate security solutions.
- Certifications: Possessing industry-specific certifications, such as AWS DevOps or Security, will be considered an advantage.
- Leadership & Communication: Prior experience leading teams complemented by Excellent communication and leadership abilities.
- Problem-Solving Abilities: Exceptional troubleshooting skills, with a knack for addressing complex technical issues.
- Incident Response: Demonstrated ability in IT Incident Response and handling
- security breaches.
- Networking: A foundational grasp of networking principles and experience with
- firewalls from brands like Fortigate, Palo Alto, and Mikrotik.
- Process & Documentation: Process-driven mindset with the ability to produce clear
- documentation supporting development and security activities.
Familiarity with the following technologies would be ideal:
- Container Orchestration: Docker and Kubernetes.
- Cloud Platforms: Specifically, AWS.
- Infrastructure As Code: Tools such as Terraform and Ansible.
- Kubernetes Package Manager: Experience with Helm Charts.
- CI/CD Tooling: Familiarity with Gitlab, Jenkins, CircleCI, among others.
- Penetration Testing Tools: Tools like Burp Suite, W3af, and Zed Attack Proxy.
- Vulnerability Assessment: Hands-on experience with tools like Nessus and Metasploit.
- System Monitoring: Tools including Datadog and New Relic.
- Cloud Security Posture Management: Knowledge of solutions such as Datadog, Prisma Cloud, and Aquasec.
- SIEM Tools: Familiarity with SIEM solutions like Datadog, Splunk, Log Analytics, Elastic, or Exabeam.
ATTRIBUTES:
- Self-motivated and driven
- Proactive
- Accountability and Execution
- Adaptability
- Control and Efficiency
- Information Monitoring
- Initiating Action
- Optimising Diversity
- Ownership
- Planning and Organising
- Technical Knowledge
- Team Orientation
While we would really like to respond to every application, should you not be contacted for this position within 10 working days please consider your application unsuccessful.
To Apply
Click Here!
Application Deadline: February 06 2024
COMMENTS:
When applying for jobs, ensure that you have the minimum job requirements. Only SA Citizens will be considered for this role. If you are not in the mentioned location of any of the jobs, please note your relocation plans in all applications for jobs and correspondence. Apply here https://www.datafin.com/job/devsecops-engineer/
OR e-mail a Word copy of your CV to [email protected]and mention the reference number of the job.