#vacancy #part-time #devsecops #appsec
**
❗️Accredited IT company Systems and Algorithms is looking for a specialist**❗️
**
DevSecOps**
**
Format:** remote
__Employment: __part-time
**Job Type: **full-time
**Employment Type: ** Individual Entrepreneur, Civil Law Contract, Self-employed
Salary: 1 440 RUB**
⭐️ About the project:**
We are looking for a Middle DevSecOps Engineer with a strong focus on Application Security.
The primary focus of the role is at the intersection of DevSecOps, Cloud Security, Infrastructure Security, and AppSec. In addition to protecting Kubernetes and cloud infrastructure, practical experience in code analysis, working with SAST/SCA tools, and web application security testing is required. **
⭐️ What we expect from you:
- Over 3 years of experience in information security;
- Practical experience in commercial organizations;
- Experience in the following areas:
• DevSecOps;
• AppSec;
• Cloud Security;
• Infrastructure Security;
- Experience in securing Kubernetes infrastructure;
- Practical experience in securely configuring Kubernetes clusters;
- Understanding of secure configuration principles in accordance with industry best practices (e.g., CIS Benchmark);
- Experience configuring:
• namespaces;
• RBAC;
• network policies;
• service accounts;
• secrets;
- Experience working with cloud platforms:
• Yandex Cloud;
• VK Cloud;
• Or similar solutions;
- Understanding of mechanisms for:
• IAM;
• encryption;
• auditing;
• access control;
- Practical experience working with:
• SAST;
• DAST;
• SCA;
- Experience in code analysis and web application security testing;
- Understanding of attacks on:
• container environments;
• Kubernetes;
• cloud infrastructure;
• CI/CD pipelines;
- Understanding of DevOps principles:
• CI/CD;
• containerization;
• configuration management;
• Infrastructure as Code (IaC);
- Experience interacting with development, DevOps, and operations teams.
⭐️ What needs to be done:
- Design, implement, and develop the security architecture for Kubernetes and cloud infrastructure;
- Integrate security mechanisms into Kubernetes and CI/CD processes;
- Implement protection for services within Kubernetes:
• RBAC;
• namespaces;
• network policies;
• secrets management;
• service accounts;
• dependency management;
• signing and verification of container images;
- Analyze infrastructure configurations and identified vulnerabilities;
- Develop plans for risk mitigation and security process automation;
- Implement monitoring and security assessment processes for cloud and container environments;
- Participate in migrating services to Kubernetes and cloud platforms with a focus on security;
- Automate security policy control, notification, and verification processes;
- Prepare architectural documentation and recommendations for infrastructure security development;
- Perform AppSec tasks:
• source code analysis;
• working with SAST/SCA tools;
• web application security testing;
• participation in vulnerability analysis and remediation.
📲 Contacts:
- serg06SA
- sdobrynin06
- +79698654225