In the context of building a DevSecOps offer for the digital and development Teams, a security profile is required to contribute to the offer construction, promotion and day-to-day operations.
The role missions are the following:
- Be the product owner of DevSecOps Security tools :
- Maintain, modernise & globalize the SDLC with the team in charge of the "ModernAppGarage"
- Help IT Development Teams to deliver secure custom applications:
- §Identify the necessary security layers (products, processes, configuration) to be part of the DevSecOps offer,
- § Identify the necessary security layers to be part of the overall digital app architecture in IAAS environment
- Deploy and high-level configuration of the tool
- Github, Gitlab, Jenkins, Terraform, Slack, sonarcloud, slack, …
- OWASP /SANS 25 risks mitigation
- SAST (Checlkmarx, VeraCode, ...)
- DAST (Acunetix, Nessus, Qualys, …)
- WAF (F5, Barracuda, Akamai, Imperva, …)
- AWS and Azure environnement