Responsibilities:
DevSecOps Strategy:
-
Implement the Semtech DevSecOps strategy to integrate security seamlessly into the software development lifecycle.
-
Collaborate with cross-functional teams to establish and maintain secure coding standards, continuous integration, and continuous delivery pipelines.
DevSecOps Planning:
-
Establish clear project security goals and objectives, defining and prioritizing security requirements to align with organizational objectives.
-
Identify and assess potential security risks and threats, developing a comprehensive threat model for the application.
-
Set up a robust security governance structure within the project, implementing a security architecture plan and documenting all aspects of the planning process for future reference.
Security Automation:
-
Evaluate, implement, and manage security tools and technologies within the DevOps toolchain to automate security testing, vulnerability scanning, and compliance checks.
-
Ensure the tools are effectively utilized to identify and remediate security vulnerabilities early in the development process.
-
Drive the automation of security controls and processes to enhance efficiency and reduce manual intervention.
-
Implement automated security testing, code analysis, and deployment validation to maintain a high level of security without impeding development velocity.
-
Develop and maintain automated security processes for infrastructure as code (IaC) deployments.
Operations & Monitor:
-
Maintain an incident response plan specific to DevOps processes, ensuring rapid identification, containment, eradication, and recovery from security incidents.
-
Collaborate with incident response teams to integrate DevOps-related incidents into the overall organizational response plan.
-
Implement security monitoring and adhere to incident response procedures to detect and respond swiftly to security incidents.
-
Set up automated log and event monitoring, continuously updating and patching all components across production, pre-production, and development environments to minimize vulnerabilities.
-
Monitor all environments (Prod, Pre-Prod, Dev) for security events.
-
Review and update access controls, permissions, and security policies regularly, documenting all monitoring practices for reference and improvement.
-
Working closely with DevOps to update and patch all components in all environments to address known vulnerabilities and enhance overall security
Continuous Learning:
-
Stay current with industry trends, emerging threats, and security technologies.
-
Implement a culture of continuous learning within the team, encouraging certifications, training, and knowledge sharing.
Minimum Qualifications:
-
Bachelor's degree in computer science, information technology, or a related field (master's degree preferred).
-
Extensive experience in cloud architecture and strategy with a proven track record of successful cloud adoption.
-
Proven experience as a DevSecOps Engineer in AWS cloud environments.
-
Strong understanding of cloud security principles and best practices.
-
Hands-on experience with security tools such as AWS Security Hub, WAF, and third-party security solutions.
-
Proficiency in scripting and automation languages (e.g., Python, Shell, PowerShell).
-
Experience with CI/CD tools and practices such as GitHub actions, Chef, Anisble, Salt, Puppet,etc.
-
Knowledge of containerization and orchestration technologies (e.g., Docker, Kubernetes).
-
Certifications: AWS Certified Security – Specialty, Certified DevOps Engineer, or Certified Information Systems Security Professional (CISSP).
-
Strong analytical and problem-solving skills.
