Job title: Platform Ops Lead (2366)
Job type: Contract
Emp type: Full-time
Industry: Aerospace
Location: Hong Kong
Job published: 12/11/2024
Job ID: 36288

Job Description

We are looking for a Lead Engineer with a DevSecOps focus dedicated to delivering secure, scalable, and innovative solutions. You will play a pivotal role in enhancing the application security measures while driving secure development practices across the organization.

 

Job Description:

Be responsible for integrating security into every aspect of the software development lifecycle and improving the security of existing infrastructure.

You will collaborate closely with cross-functional teams to ensure that all our applications adhere to best security practices while promoting a shift-left culture in DevOps.

 

Key Responsibilities:

  • Integrate security into CI/CD pipelines, ensuring end-to-end application security.
  • Identify and manage false positives in automated security testing and ensure proper vulnerability remediation processes.
  • Implementing secure coding practices to mitigate security vulnerabilities.
  • Advocate and educate development teams on best practices related to application security and DevSecOps.
  • Conduct regular security assessments, code reviews, and threat modeling for existing and new features.
  • Design and implement security solutions and automation tools that enhance the overall DevOps security posture.
  • Collaborate with product management to balance security requirements with business priorities and timelines.
  • Stay up-to-date with the latest security trends, vulnerabilities, and technologies relevant to the DevSecOps space.

 

Key Qualifications:

  • Proven experience in Application Development with a strong focus on secure coding and DevSecOps principles.
  • Strong software development experience, with strong expertise in Java and/or Node.js.
  • Deep understanding of application security best practices, including secure coding techniques, vulnerability analysis, and security testing.
  • Expertise in managing and mitigating false positives in DevOps pipelines and security tooling.
  • Experience with CI/CD tools such as Jenkins, GitLab, Azure DevOps, or similar.
  • Familiarity with security frameworks and tools (e.g., OWASP, SAST, DAST, IAST, SCA).
  • Hands-on experience with container security, cloud security, and microservices architecture.
  • Strong communication and leadership skills to mentor and guide teams on security best practices.
  • Relevant Certifications will be a plus