As a DevSecOps Engineer, you will be responsible for incorporating security into all stages of the software development lifecycle. You will leverage your expertise in JFrog Artifactory, Xray, and other tools to implement best practices, automate processes, and maintain a secure and scalable infrastructure.
Key Responsibilities:
Artifact Management: Manage and maintain JFrog Artifactory for efficient storage and distribution of binaries, libraries, and packages across the development teams.
Security Scanning: Utilize JFrog Xray for continuous scanning of binaries and dependencies to identify vulnerabilities and enforce compliance policies.
CI/CD Integration: Integrate security controls into CI/CD pipelines using tools like Jenkins, GitLab CI, or Azure DevOps to ensure secure code deployment.
Infrastructure Automation: Automate infrastructure provisioning, configuration management, and deployment using tools such as Terraform, Ansible, or Kubernetes.
Monitoring & Logging: Implement security monitoring and logging practices to detect and respond to incidents using tools like ELK Stack, Prometheus, or Grafana.
Access Control: Implement role-based access controls (RBAC) and ensure secure authentication/authorization for tools and applications.
Cloud Security: Collaborate with cloud teams to implement security best practices on AWS, Azure, or GCP environments.
Compliance: Ensure compliance with industry standards (e.g., ISO 27001, SOC 2, GDPR) and assist in audits and assessments.
Collaboration: Work closely with development, operations, and security teams to promote DevSecOps culture and awareness.
Qualifications:
Experience: 3+ years of experience in a DevSecOps, DevOps, or Security Engineer role.