Development, Security and Operations (DEVSECOPS) at GVA Partners

SCOPE OF WORK AND KEY RESPONSIBILITIES

• Continuous integration and deployment: Using DevOps tools to automate the build, test, and deployment of software updates, while also running security scans and vulnerability assessments.
• Containerization: Using containerization technologies like Docker or Kubernetes to create isolated environments for running applications, which can help to improve security by reducing the attack surface.
• Infrastructure as code: Using infrastructure as code tools to manage the deployment and configuration of infrastructure resources, which can help to ensure that security policies and configurations are consistent across environments.
• Security automation: Using automation tools to monitor and detect security events in real-time, and to automatically respond to security incidents by triggering alerts or executing remediation actions.
• Product Development : Improve security and reduce risk of cyber threats in products and products deployed across all platforms and applications
• Operational & Data Integrity Assurance: Ensuring that all processes run correctly and accurately that the integrity of the data in security systems is assured and aligned with inputs received. Operational processes and procedures and checklist to assure the operational performance remain optimal and ensure maximum availability of the platform and associated services must be managed and maintained. Operational Performance Report and Dashboards for Operational Management purposes are included in the scope. Daily engagements with Group SOC to assure information sent/received to and from Group SOC is expected.
• Application Support: Corrective and preventive maintenance of the Security System, adhoc and operational reporting and delivering on all Service Requests and incidents logged through the Standard Trouble Ticketing Platform. Management of the application includes space, and performance management.
• Data Availability: Accurate and complete data available for the IT Security Team and downstream systems dependent on data or reports from Security System

EXPECTED TASKS AND RESPONSIBILITIES

• Ensure that our development considers the latest thinking, patterns is software security development and best practice - providing recommendation, with user stories, Services management team on approach and automation related to security
• Work in a DevSecOps team to develop new software projects against Communications Platform as a Service APIs to enhance the business feature set in the Converged Communications space
• Create software to solve company’s business problems in Unified Communications Connectivity Platform
• Ensure that capabilities are deployed through a continuous development pipeline with security requirements satisfied at the time of deployment
• Proactively monitor and fix issues in test and production platform.
• Engineer solutions on AWS and other Cloud Platforms using Infrastructure as Code methods such as Terraform and Ansible.
• Integrate, configure, deploy and manage centrally provided common cloud services (e.g. IAM, networking, logging, Operating systems, Containers) as well as shared service applications on cloud (e.g. Jenkins, Nexus, GitLab Runners, Vault)

Qualifications & Experience:

• Bachelor's degree in computer science, computer engineering, information technology, or any other relevant field.
• Minimum of 3 - 5 years of experience as a DevSecOps engineer.