DevSecOps Engineer

Qualifications

• Bachelor's degree in Information Technology, Computer Science, Computer Engineering, Information Systems or relevant technical field experience
• Having experience in DevSecOps Engineer min 1+ years
• Tools : OWASP ZAP, Sonarqube, AppSpider, Acunetix
• Good communication skills in English and Bahasa indonesia
• Understanding on SAST, DAST
• Excellent knowledge in at least scripting languages : Python is preferred
• Awareness of critical concepts in DevSecOps and Agile principles
• Knowledge of different layers of such as Cloud, Network, Application, Data, and Compliance
• Some hands-on experience in the areas of penetration testing mobile applications or websites
• Comprehension of Key Management Systems, Certificate Management, Encryption, Vulnerability Scanning, and Monitoring tools, etc
• Ability to work with APIs and Plugins to integrate tools into established CI/CD pipelines
• Leadership and Teaming skills to coordinate remediation of vulnerabilities within established timeframes
• Contribution to bug bounty programs, hacktivist fests, capture the flag challenges. Open source and github profile would be a plus

Responsibilities

• Participate in the development of a small to medium complexity project, process or initiative within their technical focus area (cloud , identity access management, vulnerability management, penetration testing, automation, test/abuse case research, QA)
• Work with DevSecOps engineering teams to review their design/architecture, perform risk assessments and provide suitable control recommendations as appropriate.
• Identify additional areas of opportunity and means for knowledge sharing practices across teams.
• Codify the learnings into reusable knowledge snippets/artifacts besides curating the same for continual consumption