Senior DevSecOps Architect Job Description
We are seeking a skilled and experienced Senior DevSecOps Architect at the Director level to join our client's Enterprise Cybersecurity division in Galway on a permanent basis.
Key Responsibilities:
* Lead the development and implementation of security architecture for complex infrastructure and applications.
* Collaborate with product management and engineering teams to develop solutions to critical projects.
* Provide mentorship and strategic guidance to partner teams within the division and across the organisation.
* Conduct application threat modelling and risk assessments.
* Stay up-to-date with the latest threats and vulnerabilities in web, API, and enterprise applications.
* Address unique security considerations related to cloud computing and integrate cloud with on-premise services.
* Utilise expertise in CI/CD practises, pipelines, and build tools.
* Mitigate threats and vulnerabilities to protect customer data and applications.
* Conduct secure code review and software composition analysis.
* Perform dynamic application security testing, including penetration testing and red team assessments.
Requirements:
* Extensive experience with technical lead/architectural responsibilities in building enterprise web applications.
* Proven leadership skills and ability to mentor and collaborate with application architects, engineering, and product teams.
* Deep understanding of threats and vulnerabilities in web, API, and enterprise applications.
* Extensive technical knowledge of security technologies related to application security.
* Familiarity with cloud architectures, including SaaS, PaaS, and IaaS, and their unique security considerations.
* Experience with application security products and solutions for secure code review, penetration testing and Red Team assessment.
* Experience in AppSec Testing (SAST, DAST, SCA, IAST).
* Experience in DevSecOPS (CI/CD, Automation) and common code vulnerabilities (XSS, SQLI etc) in popular programming languages and open-source packages (Java, NodeJS, Spring, etc)
* Working knowledge and experience with Cloud Architectures (e.g., SaaS, PaaS, IaaS) and the ability to address the unique security considerations of secure Cloud computing (e.g., integrating cloud with on-premise services, Secure SDLC (SSDLC), Data Protection, OWASP top-10)
* Expertise in CI/CD practises, pipelines (Jenkins preferred), and build tools (Maven, Gradle, etc.)
* Experience with application security products and solutions for secure code review, penetration testing, and red team assessments
* Proficiency in application security testing (SAST, DAST, SCA, IAST) and common code vulnerabilities in popular programming languages
* Strong problem-solving skills and ability to navigate complex technology challenges
* Agile development approach and ability to balance product strategy
* Excellent interpersonal and communication skills, both written and verbal
* Ability to effectively communicate the business value of emerging technologies