DATAMATO
Location
Pune | India
Job description
Designation:
Senior Software Engineer/Consultant Experience: 6+ years of experience Summary: A software code pipeline security engineer is a professional who is responsible for ensuring the security of the software development lifecycle (SDLC) and the code delivery process. They apply security best practices, tools, and techniques to prevent, detect, and mitigate security risks and vulnerabilities in the code pipeline. They also collaborate with other developers, engineers, and stakeholders to integrate security into the code pipeline and the software products. Some of the common duties and responsibilities of a software code pipeline security engineer are: Design, implement, and maintain secure code pipeline solutions, such as continuous integration, continuous delivery, and continuous deployment (CI/CD) tools, platforms, and workflows. Perform security assessments, audits, and reviews of the code pipeline and the software products, using various methods, such as static and dynamic analysis, code scanning, penetration testing, and threat modeling. Identify, report, and remediate security issues and vulnerabilities in the code pipeline and the software products, using appropriate tools and techniques, such as patching, encryption, authentication, authorization, and logging. Develop, enforce, and update security policies, standards, guidelines, and best practices for the code pipeline and the software products, in compliance with relevant regulations and industry standards, such as ISO 27001, NIST, OWASP, and PCI DSS. Educate and train other developers, engineers, and stakeholders on security awareness, knowledge, and skills for the code pipeline and the software products. Research and stay updated on the latest security trends, threats, and technologies for the code pipeline and the software products. Some of the common skills and qualifications of a software code pipeline security engineer are: Bachelor’s degree or higher in computer science, software engineering, cybersecurity, or a related field, or equivalent work experience. Advantage if the candidate has Professional certifications, such as Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), Certified Ethical Hacker (CEH), or Certified Cloud Security Professional (CCSP). Proven work experience as a software security engineer, software developer, software engineer, or a similar role, with a focus on code pipeline security. Proficient in one or more programming languages, such as YAML, Python, JavaScripts, or Go, and one or more scripting languages, such as Bash, PowerShell, or Perl. Familiar with various code pipeline tools and platforms, such as Jenkins, GitLab, GitHub, Azure DevOps, AWS CodePipeline, or Google Cloud Build. Knowledgeable in various security tools and techniques, such as SAST, DAST, SCA, IAST, RASP, WAF, IDS, IPS, or SIEM. Excellent communication, collaboration, problem-solving, and analytical skills. Strong attention to detail, quality, and security.Job tags
Salary
