K09 DevSecOps

Experience and Skills Needed

• Degree or Diploma in Computer Science, Computer or Electronics
• Engineering, Information Technology, or related disciplines. Passion for automation, standardization, and best practices in infrastructure and security.
• Strong understanding of the Software Development Life Cycle (SDLC), TestDriven Development (TDD), Continuous Integration (CI), and Continuous Delivery (CD).
• Experience working with high availability, high performance, and highsecurity multi-data center systems and hybrid cloud environments
• Proficiency in at least three programming/scripting languages (Bash, PowerShell, Python, Go).
• Experience with Git and modern branching workflows.
• Experience with public cloud platforms (AWS, Azure, Google Cloud).
• Experience with automated provisioning tools (Ansible, Terraform, Puppet,
• Vagrant).
• Hands-on experience with virtualization technologies (KVM, VMware, HyperV).
• Strong understanding of container technologies (Docker, Kubernetes).
• Knowledge of Cloud Native Computing Foundation (CNCF) tools
• (Prometheus, Helm, ArgoCD, Istio, Gatekeeper, Crossplane).
• Experience with infrastructure monitoring and observability tools.
• Strong ability to troubleshoot complex issues across system resources and application stacks.
• Experience with CI/CD pipelines and DevOps tools (GitLab, Jenkins, BitBucket, ArgoCD).
• Experience with disaster recovery planning, system backup, and restore processes.
• Knowledge of RPM-based software packaging and deployment.

Security & Compliance:

• Experience implementing security controls within CI/CD pipelines and cloudnative architectures.
• Hands-on experience with security assessments, vulnerability scanning, and system hardening.
• Familiarity with enterprise security tools (HashiCorp Vault, ElasticSearch Enterprise, Tenable, HP Fortify, Sonatype Nexus IQ, AWS security services).
• Strong understanding of network infrastructure, including firewalls, subnets, routing, and access controls.
• Experience performing security assessments in government or highly regulated environments
• Bonus Experience (Added Advantage):
• Security certifications such as CREST, CISSP, CISM, or relevant cloud security credentials.
• Experience working in an organization that successfully implemented DevSecOps transformation.
• Experience with security and compliance frameworks (ISO 27001, NIST, CIS benchmarks).
• Hands-on experience with API security, secrets management, and zero-trust architectures.
• Knowledge of service mesh security implementations (Istio, Linkerd)

Responsibility:

• Develop automation and processes to enable teams to deploy, manage, scale, and monitor applications in data centers and cloud environments.
• Troubleshoot and resolve system and application issues across platforms, participating in on-call escalations for critical incidents.
• Take ownership of end-to-end infrastructure and security solutions across the organization.
• Implement configuration management systems for business continuity and automate disaster recovery measures.
• Provision virtual machines, databases, application containers, and licenses for development teams.
• Configure and maintain CI/CD pipelines, incorporating streamlined change management and release processes.
• Develop scripts and automation tools to support software build, integration, and deployment across development and production environments.
• Automate the configuration management of development, quality assurance, and production workloads.
• Design, build, optimize, and monitor automation systems to identify bottlenecks and maximize service availability.
• Implement security practices that comply with industry standards to protect the organization’s data and infrastructure.
• Plan, implement, and monitor system security architecture, including threat and risk assessments.
• Perform security checks, such as vulnerability assessments and system hardening, and troubleshoot security incidents.
• Apply secure configurations and best practices when implementing security controls in infrastructure and applications
• Deploy and manage monitoring tools to track infrastructure performance, utilization, and health