Job Description:

We are looking for a skilled DevSecOps Architect who will play a pivotal role in ensuring the security and efficiency of software development processes and operations for our clients. The role demands development, security, and operations expertise with exceptional communication skills to collaborate with clients, understand their requirements, and design tailored DevSecOps solutions. The primary focus is integrating security practices seamlessly into the software development lifecycle while maintaining a client-centric approach.  

Responsibilities:

• DevSecOps Strategy: Develop and drive the organization's DevSecOps strategy and align it with business goals and security requirements.
• Security Integration: Integrate security practices into the entire software development lifecycle, including requirements gathering, design, development, testing, deployment, and maintenance.
• Continuous Integration and Continuous Deployment (CI/CD): Design and implement CI/CD pipelines that automate application building, testing, and deployment while incorporating security checks and controls at each stage.
• Security Automation: Implement security automation tools and technologies to identify vulnerabilities, conduct security assessments, and enforce compliance standards.
• Infrastructure as Code (IaC): Collaborate with infrastructure and operations teams to ensure security in infrastructure provisioning and configuration management processes using IaC principles.
• Threat Modelling: Conduct threat modelling exercises to identify potential security risks and vulnerabilities in applications, systems, and processes.
• Security Testing: Define and oversee security testing practices, including static analysis, dynamic analysis, and penetration testing.
• Security Policies and Standards: Define and enforce security policies, standards, and best practices across development and operations teams.
• Incident Response: Collaborate with incident response teams to develop and maintain incident response plans and playbooks.
• Training and Education: Provide training and guidance to development and operations teams on secured coding practices, security tools, and DevSecOps principles.
• Monitoring and Compliance: Implement monitoring solutions to detect and respond to security threats and ensure compliance with industry regulations and standards.
• Collaboration: Work closely with cross-functional teams, including developers, operations, and security teams, to promote a culture of collaboration and shared responsibility for security.

Qualifications:

• Minimum ten years of experience focusing on cloud security, DevOps, and Kubernetes.
• Strong expertise in cloud security principles, technologies, and best practices, with a deep understanding of cloud service providers, such as AWS, Azure, or GCP.
• At least three years of experience and hands-on expertise in penetration testing, DevSecOps, security configuration management and security consulting
• At least 3+ years of experience working in large Kubernetes deployments, managing and operating cloud platforms, performing security operations, and handling incident response.
• Proficiency in scripting languages, such as Python, and experience in automating security controls using infrastructure-as-code (IaC) tools, such as Terraform, Cloud formation templates (CFT) or Azure Resource Manager (ARM).
• Extensive experience with Kubernetes, including securing containerized applications, implementing pod security policies, and managing network segmentation.
• Broad knowledge of security compliance frameworks (e.g., NIST, ISO 27001, PCI DSS) and experience in implementing and maintaining compliance in cloud environments.
• Strong leadership and managerial skills, with the ability to effectively lead and inspire a team to deliver high-quality solutions.
• Excellent communication and interpersonal skills, with the ability to engage with clients, understand their business needs, and provide strategic guidance and solutions.
• Relevant certifications in cloud security, DevOps, Kubernetes, or related areas (e.g., Certified Kubernetes Administrator, Certified Cloud Security Professional).
• Experience in financial services, healthcare, or highly regulated industries will be a plus.

Why should you join Opcito?

We are a dynamic company that believes in designing transformation solutions for our customers with our ability to unify quality, reliability, and cost-effectiveness at any scale. Our core work culture focuses on adding material value to client products by leveraging best practices in DevOps, like continuous integration, continuous delivery, and automation, coupled with disruptive technologies like cloud, containers, serverless computing, and microservice-based architectures. 

Here are some of the perks of working with Opcito: 

• Outstanding career development and learning opportunities. 
• Competitive compensation depending on experience and skill 
• Friendly team and enjoyable work environment 
• Flexible working schedule 
• Corporate and social events.

Awards and Recognitions

• Great Place To Work certified 2021-22, 2022-23, 2023-24
• India's Great Mid-Size Workplaces for 2022 by GPTW
• India's Best Workplaces in IT & IT-BPM 2022 - Top 50 by GPTW
• India's Best Workplaces Building a Culture of Innovation by All - Mid-size 2023 by GPTW
• India's Great Mid-Size Workplaces 2023 ranked 31 by GPTW
• India's Best Workplaces for Millennials 2023 by GPTW
• Top Developers India 2022 by Clutch
• ISO/IEC 27001-2013 by DNV-GL