Amdocs Management Limited
Location
Pune | India
Job description
Job ID: 181868
Required Travel : Minimal
Managerial - No
Location: :India- Pune (Amdocs Site)
Amdocs helps those who build the future to make it amazing. With our market-leading portfolio of software products and services, we unlock our customers' innovative potential, empowering them to provide next-generation communication and media experiences for both the individual end user and enterprise customers. Our 30,000 employees around the globe are here to accelerate service providers' migration to the cloud, enable them to differentiate in the 5G era, and digitalize and automate their operations. Listed on the NASDAQ Global Select Market, Amdocs had revenue of $4.3 billion in fiscal 2021. For more information, visit Amdocs at
Why does security matter
Today's cyber security threats are realistic, causing major financial losses and reputational damage. Leading organizations to invest more controls and manage their risks to ensure optimal protection against potential data breach.
Amdocs, as enterprise leader providing solution for telecommunication organization, is required to protect firstly its IP, reputation and ensuring required protection for their customers, aligned with contractual requirements.
Having the proper Secure Software Development is becoming essential for projects development and solutions deployment, allowing both Amdocs and customers to have the certainty of proper security safeguards, proper communication and understanding of potential risks and required mitigations.
The role of the Information Security Specialist Information Security Specialist (DevSecOps) will work closely with all Amdocs development teams to build and integrate Security Tools into CI/CD pipeline. Administration & Management of the environment of the security tools, creation of automation scripts, test cases, develop dashboards, etc.
And will need to have the ability to keep up to date on all new security challenges and work with our teams to develop protection mechanism.
Perform application security assessments including secure code review, threat modeling. Assist and enable R&D teams to adopt secure development practices. Provide software security advice and issues to resolution to cross-functional teams including product, engineering, and services.
Build and ensure secure development compliance with our development process.
. Follow up with staff members to ensure completion of security-related tasks, finding security design flaws and implementation bugs consistently by performing different secure S-SDLC activities.
. Closely work with the Lead to maintain Security health check of the integrated automation
. Integrate multiple security tools in the DevOps pipeline to support SAST, DAST, FOSS, IAST, VA scanning activities by learning the integration features of different tools and suggest accordingly.
. Provide professional support for the developed automations, responding to incidents to avoid system outages or restore availability to meet SLAs.
. Participate in the planning, design, and implementation efforts
. Stay abreast of industry best practices (Research new technologies) and contribute ideas for improvements in DevOps practices, delivering innovation through automation
. Execute test procedures and/ or scripts either manually or by automated tools.
. Gather and document the outcome of test executions and all information needed to support ongoing measurements and reporting on risks, defects, tests, and coverage.
. Tracks and reports on the test execution in a timely manner with attention given to achieving a high level of quality.
. Liaise with development and infra teams to get the defect resolutions
. Work with different entities in the enterprise to ensure S-SDLC compliance with corporate rules and industry standards.
. Work with multiple stakeholders in IT, account and IS teams to understand the present DevOps implementation model in project and suggest suitable model of integration for security tools to create DevSecOps model.
Required Skills
Must to have
. BS in Computer Science, or equivalent
. Working in Agile/Scrum team
. Total experience - 4-10 years
. Extensive expertise in SAST, DAST stack area.
. 4+ years of relevant experience in information Security (code reviews and Pen Testing )
. 2+ years' experience in foss security issues and security hardening (CIS benchmarks)
. 1+ years' experience in setting up continuous integration and continuous delivery systems
. 1+years of experience on docker /k8s
. 1-2 years' basic understanding of Cloud Platforms
. 1-2 years' experience with continuous-integration tools such as Hudson/Jenkins, LiquiBase,Github actions
. Hands on experience in tools like Checkmarx, Appscan ,Burpsuite etc.
. Expertise in Security code reviews and onboarding process for managing false positives
. Understanding of build process, best practices and tools such as Maven, Jenkins pipeline, groovy
. Familiarity with REST Services, Service Oriented Systems and Micro-services architecture
. Scripting skills in at least one of the following: Python, Django web framework, Perl, Ruby, shell (bash, ksh, csh) -- Required
. Knowledge in distributed systems, software and network security preferred.
. Security concepts and knowledge of security attacks on Web applications, REST services, distributed systems
. Knowledge of OWASP top 10 list of vulnerabilities, NIST SP-800-xx, NVD, CVSS scoring etc concepts
. automated FUZZ Testing Tools & concepts - Working Knowledge
. Sound Knowledge of TCP/IP protocol Stack, protocol, encoding standards, encryption technologies and development frameworks.
. Great Communication skills - (Ability to communicate with a Developer to a Manager or Director level).
Tools mandatory
Good to have
. 1-2 years' experience with configuration management and automation tools like Chef, Puppet, Openstack or something similar.
. 1-2 years' experience with cloud deployment (Azure, AWS, GCP)- advantage
. Project Management Skills.
. Travel: Ability to travel 1-2 times a year
Job tags
Salary
