Job Description
1. Develop and implement a comprehensive DevSecOps strategy to embed security practices throughout the software development lifecycle (SDLC) and operational processes.
2. Lead the establishment and maintenance of secure coding practices, including code review processes, vulnerability scanning, and penetration testing.
3. Collaborate with development teams to integrate security controls, such as static code analysis, into the continuous integration and deployment (CI/CD) pipelines.
4. Design and implement secure infrastructure and cloud architecture, including network security, identity and access management (IAM), and secure data storage.
5. Identify and evaluate potential security risks and vulnerabilities, and develop proactive strategies to mitigate them.
6. Manage security incident response processes, ensuring timely detection, investigation, and resolution of security incidents.
7. Monitor and report on key security metrics and indicators to assess the effectiveness of security controls and identify areas for improvement.
8. Stay up-to-date with the latest security technologies, trends, and best practices, and make recommendations for their adoption.
9. Collaborate with internal teams and external stakeholders to ensure compliance with industry regulations and standards, such as GDPR, HIPAA, and ISO 27001.
10. Provide guidance and mentorship to team members, fostering a culture of security awareness and knowledge sharing.
Requirements
1. Bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is a plus.
2. Proven experience (3+ years) working in a DevSecOps or similar role, with hands-on experience in implementing security practices in software development and operations.
3. Strong understanding of secure coding practices, vulnerability management, and secure infrastructure design.
4. In-depth knowledge of industry standards and frameworks, such as OWASP, NIST, and CIS benchmarks.
5. Experience with cloud platforms (e.g., AWS, Azure, GCP) and related security services.
6. Familiarity with CI/CD pipelines, configuration management tools (e.g., Ansible, Puppet), and containerization technologies (e.g., Docker, Kubernetes).
7. Proficiency in scripting and automation using languages such as Python, Bash, or PowerShell.
Tips for Staying Safe
Companies and job postings on Dealls do not ask for personal data, bank account information, or fees when you apply. Also avoid job postings that use a Google Form or Telegram group without clear legitimacy.
At DKatalis, we move forward by stimulating and, ultimately, catalyzing growth. To be a catalyst is to be the determinant of change. That's the spirit that we apply to our work culture, that each person, every katalis, has a share in every change they make, be it for the world, or for themselves. DKatalis is collaborating from two hubs in Southeast Asia (Jakarta and Singapore). Our team is led by people with extensive experience in their industries, a willingness to break the norms and try something new.