Designation:
Senior Azure DevSecOps Engineer
Position: Full-Time Location: 100% Remote
Start Date: ASAP
Nationality: Any Windows Management Experts (WME) is looking for a motivated and experienced Senior Azure DevSecOps Engineer Role to join one of our client companies in the finance niche. The Azure DevSecOps Engineer will be a key member of the Information Security team, responsible for integrating security practices into the entire Azure software development lifecycle.
This role focuses on automating security processes and identifying vulnerabilities early in the development process. The role will also ensure the security and compliance of applications, systems, and infrastructure throughout the Azure Security DevOps pipeline.
That said, this role will also require a background in building secure CI/CD pipelines across multiple environments. A solid focus on Kubernetes and scripting languages will be essential for this role.
Also, the successful candidate will be a self-motivated individual, who can work independently without strict supervision and within deadlines. That said, the preferred candidate should expect to work 40 hours per week and should be flexible enough to work part-time hours as well.
Required Skills/Qualifications/Education:
- Relevant industry certifications such as Certified DevSecOps Professional (DPS), Azure Security Engineer Associate, Certified Kubernetes Security Specialist (CKS), Certified Cloud Security Professional (CCSP), or others.
- Bachelor’s or master’s degree in computer science, Information Security, or related field.
- Experience with configuration management tools like Ansible or Puppet.
- Strong background in software development, operations, and information security.
- Experience with Azure DevOps practices and tools, as well as security integration into DevOps processes.
- Familiarity with CI/CD pipelines, automation tools, and version control systems (e.g., Git).
- Experience with Azure Security services i.e. Azure Key Vault, Azure AD, Azure Policy, etc.
- Knowledge of threat modeling and risk assessment.
- Proficiency in scripting and programming languages (e.g., Python, PowerShell, Bash).
- Experience with Zero Trust (preferred)
- Knowledge of the Azure platform and associated security controls.
- Strong expertise in Microsoft Azure i.e. Azure DevOps, Azure Security Center, Azure Sentinel, Azure Monitor, etc.
- Proficiency with Azure Resource Manager (ARM) templates for infrastructure as code (IaC).
- Experience with containerization and orchestration tools (e.g., Docker, Kubernetes).
- Strong understanding of security principles, protocols, and best practices.
- Excellent problem-solving and analytical skills.
Responsibilities of the Desired Senior Azure DevSecOps Engineer:
Delivers subject matter expertise in Azure Security DevOps.
Security Integration:
Collaborate with development and operations teams to integrate security into the software development lifecycle (SDLC), including design, development, testing, deployment, and maintenance phases.
Advocate for a security-first mindset and ensure that security considerations are addressed from the outset of projects.
Automation and Continuous Integration/Continuous Deployment (CI/CD):
Develop and maintain automated security testing and scanning tools as part of CI/CD pipelines.
Implement security controls and tests to identify vulnerabilities, code flaws, and misconfigurations in Azure.
Infrastructure Security:
Design, implement, and maintain secure infrastructure using Infrastructure as Code (IaC) practices.
Implement security controls for Azure, containers, and serverless architectures.
Vulnerability Management:
Perform regular vulnerability assessments and penetration testing on applications and infrastructure.
Collaborate with development teams to prioritize and remediate vulnerabilities.
Security Tooling:
Evaluate, implement, and manage security tools such as static and dynamic application security testing (SAST/DAST), container security, and vulnerability scanners.
Provide technical expertise in selecting and configuring security tools.
Security Monitoring and Incident Response:
Monitor and respond to security alerts and incidents, collaborating with incident response teams to investigate and mitigate security breaches.
Implement proactive measures to detect and respond to threats.
Compliance and Auditing:
Ensure applications and Azure infrastructure adhere to industry standards, regulations, and compliance requirements.
Collaborate with compliance teams to participate in audits and assessments.
Training and Education:
Educate development and operations teams on secure coding practices and security best practices.
Foster a culture of security awareness and ownership throughout the organization.
Documentation:
Maintain clear and up-to-date documentation of security practices, procedures, and standards.
Document security incidents, responses, and lessons learned.
Collaboration:
Work closely with cross-functional teams to address security concerns and align security goals with business objectives.
Bridge the gap between development, operations, and security teams.
Core Values:
- Integrity (Doing What’s Right)
- Inclusion (Encouraging Diversity)
- Teamwork (Working Together)
- Excellence (Being Your Best)
- Accountability (Taking Personal Responsibility)
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.