DevSecOps Security Expert

JOB TITLE

Location: Ile-de-france
Languages: English is mandatory, French is nice to have
Start date: ASAP
Duration: 6 month rolling contract

THE COMPANY

A multinational information technology services company with over 12.16 billion in revenue. The client is looking for a DevSecOps Security Expert. The client has highlighted the urgency for this position. Interviews will be scheduled before the end of the week after CV's have been assessed.

Glocomms has successfully placed 3 contractors with them within the last 12 months. Consistently placing contractors with this client has created a strong relationship with the client.

JOB DESCRIPTION

Job Title: DevSecOps Security Expert

Responsibilities

• A security profile is required to contribute to the offer construction, promotion and day-to-day operations

The role missions are the following:

• Be the product owner of DevSecOps Security tools :
• Maintain, modernize & globalize the SDLC with the team in charge of the "ModernAppGarage"
• Help IT Development Teams to deliver secure custom applications:
• Identify the necessary security layers (products, processes, configuration) to be part of the DevSecOps offer,
• Identify the necessary security layers to be part of the overall digital app architecture in IAAS environment,
• Deploy and high-level configuration of the tools,
• Be able to provide tools utilization guidelines and train Digital teams,
• Provide high level support and be in regular contact with security editors and hosters,
• Provide alerting and regular reporting related to usage, compliance and incidents of tools,
• Drive the security adoption by developing internal partnerships with Digital teams,
• Promote IS/IT and Security standards across organization and contribute in Group strategy,
• Recommendations, design and implementation in IT environment to meet current and future business needs.

Tech stack:

• DevOps regular tools
• Github, Gitlab, Jenkins, Terraform, Slack, sonarcloud, slack, …
• WASP /SANS 25 risks mitigation
• SAST (Checlkmarx, VeraCode, …)
• DAST (Acunetix, Nessus, Qualys, …)
• WAF (F5, Barracuda, Akamai, Imperva, …)
• AWS and Azure environnement
• AntiBot
• Reverse Proxy
• DDOS protection
• IDS/IPS
• Vault
• Certificates
• Agile, ITIL, Project management, NIST / ISO 27000 standards