Foundation AI

Foundation AI - DevSecOps Engineer - IAC Terraform

Job Location

Hyderabad, India

Job Description

About the Role:

As a DevSecOps Engineer at Foundation AI, you'll lead efforts to enhance security for infrastructure and products. You'll need technical expertise in identifying and addressing security vulnerabilities, ensuring compliance, and integrating security best practices across the development lifecycle. Your role also involves collaborating with cross-functional teams to embed security throughout the development process.

Responsibilities:

- Work Location Commitment: As a DevSecOps Engineer, you'll be expected to work from our office in Hyderabad. This reflects our preference for in-person collaboration and a commitment to team cohesion.
- Rich Industry Experience: You should possess a substantial 3-6 years of experience in DevSecOps and DevOps and should have worked for product-based companies (Startup/Scaleup). This extensive experience underscores your ability to navigate complex DevSecOps challenges effectively.
- Infrastructure as Code (IaC) Security: Ensuring that application configurations are secure and compliant with security policies. Performing security checks on infrastructure code (e.g., Terraform, CloudFormation) to ensure that resources are provisioned securely.
- Operating System Expertise: Your command over operating systems is particularly vital, with a strong emphasis on Linux. This expertise ensures a solid foundation for managing and optimizing system-level operations.
- DevSecOps Methodology: By incorporating security into the DevOps workflow, DevSecOps aims to identify and mitigate security vulnerabilities more effectively, reduce the risk of security breaches, and accelerate the delivery of secure software.
- Static Application Security Testing (SAST): Scanning the code for security vulnerabilities using tools like SonarQube, Checkmarx, or Fortify as part of the build process.
- Dynamic Application Security Testing (DAST): Conducting security testing on running applications to find vulnerabilities that attackers can exploit. Tools like OWASP ZAP or Burp Suite can be integrated into the pipeline.
- Effective Communication and Collaboration: Exceptional communication and collaboration skills are essential. You'll work closely with cross-functional teams, bridging the gap between development and operations, and ensuring smooth coordination.
- Cloud-Native Proficiency: Knowledge of security tools specific to cloud-native environments, such as container security scanners, cloud security posture management (CSPM) tools, and cloud workload protection platforms (CWPP).
- Understanding Distributed Computing: A solid grasp of Distributed Computing principles is fundamental. It enables you to design and implement systems that can handle complex, distributed workloads effectively.
- Coding Prowess: Your coding skills, particularly in Bash Shell Scripting and Python, will play a pivotal role. These skills empower you to automate tasks and develop tools to enhance system reliability and efficiency.

Role:

- Assist SDEs and DevOps teams on secure deployment and best practices.
- Create a knowledge base on security vulnerabilities and test cases.
- Perform security testing on Web and Mobile assets through a checklist.
- Work closely with the Product team and SDE/QA to fix vulnerabilities/issues faced by customers.
- Perform red team and phishing exercises to improve security posture.
- Assist/mentor teammates on security test cases and day-to-day activities.
- Work on incident management and third-party security reports.
- Initiate and improve responsible disclosure/bug bounty program.
- Brown bag sessions and presentations to the tech team on security best practices and improvements.
- Work closely with business stakeholders and influence the security policy of the org.

Good to have but not mandatory:

- AWS Security Speciality/CEH/OSCP/CISSP/CRTP/CKA/CKSS
- Working knowledge of Kubernetes and AWS architecture.
- Worked with CSPM tools like Pingsafe/Wiz.
- Comfortable implementing open-source security tools in the CI/CD pipeline.

Qualifications:

- Experience of 3-6 years
- Minimum 1-2 years of experience in product security
- You are a hands-on engineer who leads by doing.
- Strong knowledge of OWASP Vulnerabilities.
- Working knowledge of WAF rules to protect from DoS/DDoS attacks
- Strong knowledge of SCA, SAST & DAST tools and their integration
- Working knowledge of Git, Ansible, Kubernetes, Burp Suite
- Understanding of AWS and Azure services.
- Experience building CI/CD pipelines for container security.
- Familiarity with Linux and Windows operating systems.

Education:

- A BTech degree in Computer Science or equivalent experience relevant to the functional area.

(ref:hirist.tech)

Location: Hyderabad, IN

Posted Date: 4/25/2024

Contact Information

Contact Human Resources
Foundation AI

Posted

April 25, 2024
UID: 4662206334
