Upgrade Projekt einstellen

DevOps Security Lead

Zürich  ‐ Vor Ort
Dieses Projekt ist archiviert und leider nicht (mehr) aktiv.
Sie finden vakante Projekte hier in unserer Projektbörse.

Schlagworte

Python Automatisierung DEV OPS IT Sicherheit Deployment Azure git Cloud Test Design

Beschreibung

Main tasks/activities:

  • Understand all infrastructure as code (IaC) artefacts in Azure DevOps, with specific focus on Kubernetes, Kafka, Zookeeper, NoSQL (eg Couchbase)
  • Secure the CI/CD process for IaC and Microservice (Spring Boot, Python) deployments
  • Design and own the (policies for) our docker registry
  • Implement and maintain in the pipelines the company wide scanning tools such as Aqua, NexusIQ, Qualys etc
  • Implement and ensure Encryption at rest and in transit
  • Design, implement and ensure best practices of AuthZ, eg via token rotation: both for human and non-human
  • Design, implement and maintain secrets management
  • Design and implement a security aspect for configuration management
  • Work with developers to understand the security context of the apps and their interaction with Apache Kafka, candidate will design & own the implementation of how Kafka will be secured
  • Align with Automation lead on quality controls and continuous testing best practices especially including blue/green and canary
  • Design and maintain the availability and stability of all long-living state (eg the event store)
  • Secure the state against unauth access: design and implement life cycle (non-prod vs prod) for data (incoming as Kafka messages using the event carried state transfer paradigm)
  • Consult with Automation lead on network layouts and negotiate with other network teams on integration/segregation topics
  • Support and give guidance on the test driven development practices and the implementation thereof in the pipelines in a DevSecOps style (eg Chaos Monkey, auto-pen-test)
  • Implement continuous improvements on governance aspects (eg Azure Policies)
  • Efficiently leverage Azure services for addressing security concerns (ie WAF)
  • Own the integration with Azure Active Directory and IAM
  • Continuously work with the teams to improve all components as the use-cases grow more complex
  • Own validity and applicability of libraries and licenses of all vendors (eg for Hashicorp Vault)
  • Design observability (especially logging) concept and implement reactions to incidents
  • Design High Availability and Disaster Recovery Strategies (incl multi zone deployments and consistency) in the context of event-sourcing with special focus on securing and protecting the event-store and guaranteeing replayability
  • Design and maintain a holistic security concept for VMs, stateful apps, stateless apps, running on K8S or running as container instances
  • Design and maintain holistically Monitoring and telemetry
  • Design and take ownership of the security incident process
  • Train other engineers
  • Ensure compliance with the company wide digital governance framework, audit
  • Documentation of all of the above (readme, wiki and JIRA)

Must have skills:

  • Public Cloud relevant experience with practical implementation of the security standards: OWASP 10, ISO/IEC 27002, ISO/IEC 17788
  • Expert Knowledge in zero trust networking and service meshes
  • Expert Knowledge of AuthN concepts and techniques, eg RBAC, ABAC
  • Expert Knowledge of AuthZ techniques and tools
  • Strong and proven Automation experience with CI/CD in the public cloud using industry standards such as maven, gradle
  • Expert Knowledge of git
  • Knowledge of Kubernetes deployments (eg sidecar), container isolation, multi-tenancy and software defined networking
  • Knowledge of static code scanning best practices
  • Expert knowledge of Continuous Monitoring and usage of Telemetry
  • Test driven development: understands semantics of unit tests and end to end integration tests and the imperative for continuous testing
  • Worked with CI/CD for integration, migration and deployment: Experience in automated build, test & deploy with an explicit focus on state-management and state-handling
  • Strong understanding of networks: especially how Layer 7 design needs to align with Layers 3-6 in the public cloud, Expert Knowledge of multi-cloud Firewall design
  • Excellent communication in English, written and spoken
  • Delegation and (self-)management skills for working in a flat and distributed team
  • Encryption tools and techniques
  • Strong Experience with "Infrastructure as Code"
  • Linux OS (alpine, Ubuntu, SLES) and Unix
  • Knowledge of event-driven architecture and micro-services

Frameworks/Tools:

  • Azure DevOps, Ansible, yaml-pipelines, Helm, build agents, Scripting (bash, python)
  • Container-based (Docker/Kubernetes) orchestration
  • High availability of statefulness using cloud-native techniques
  • Can read code written in industry standard polyglot (Java/Spring/Python/JS)
  • DB-queries (also NoSQL) eg Couchbase, SAP HANA, Postgres
  • Cloud managed services (eg Blob Storage, databases, Insights, Security Center)
  • Build and deployment tools such as Git, Gradle, Maven
  • API Gateways, HTTPS, REST/ODATA/GraphQL/etc API-specs
  • State-management eg Zookeeper, Schema Registry, Event Store
  • Aqua, Qualys, DataDog, Grafana, Prometheus, Zeebe, Vault

Start
July 2019
Dauer
6 months
Von
Darwin Recruitment
Eingestellt
15.06.2019
Projekt-ID:
1785175
Vertragsart
Freiberuflich
Um sich auf dieses Projekt zu bewerben müssen Sie sich einloggen.
Registrieren