Description:
We are seeking a skilled DevSecOps Engineer with a strong background in Google Cloud Platform (GCP) to enhance our team. This pivotal role focuses on securing our development workflows on GCP. Your proficiency in GCP, Rego policies, and Terraform will be essential in establishing a secure and streamlined development pipeline.
Key Skills:
- Primarily focused on platform SDLC, working with Artifactory, implementing pipelines in GitHub, conducting security and vulnerability scanning, and adding attestations to artifacts to ensure thorough testing before deployment to a Kubernetes cluster.
- Implementing security checks across the entire SDLC lifecycle.
- Performing static code analysis and penetration testing.
Responsibilities:
- Develop and enforce Rego policies to maintain security and compliance within our GCP infrastructure and applications.
- Work with development and operations teams to integrate security into the GCP-focused CI/CD pipeline, automating security checks and scans.
- Use your GCP knowledge to design and implement secure microservices and containerized applications following GCP security best practices.
- Implement infrastructure-as-code (IaC) using Terraform to securely and efficiently manage GCP resources.
- Conduct comprehensive security assessments on GCP environments using GCP-specific security tools to identify and mitigate vulnerabilities.
- Perform threat modeling and risk assessments for GCP deployments and design effective security solutions.
- Collaborate with cross-functional teams to respond to GCP-specific security incidents, conduct root cause analysis, and implement corrective actions.
- Stay updated with GCP advancements, industry security trends, and best practices, and share knowledge with team members.
- Promote a culture of security awareness for GCP environments, integrating security considerations throughout the development process.
Requirements:
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
- Proven experience as a DevSecOps Engineer with a strong focus on GCP.
- Expertise in Rego policies and policy-as-code practices, particularly in GCP.
- Deep understanding of GCP services, security controls, and best practices.
- Proficiency in using GCP-specific security tools, vulnerability scanners, and penetration testing tools.
- Extensive experience with infrastructure-as-code (IaC) using Terraform for GCP resource management.
- Familiarity with CI/CD pipelines and automation tools (e.g., Jenkins, GitLab CI/CD) with GCP integrations.
- Strong knowledge of GCP security frameworks, standards, and compliance requirements.
- Solid understanding of container security in GCP and experience securing microservices.
- Excellent communication and collaboration skills, with the ability to work effectively in cross-functional teams.
- Relevant GCP certifications such as Google Professional DevOps Engineer or Google Professional Cloud Security Engineer are highly advantageous.