北京招聘

As the Senior/Lead DevSecOps Engineer, you will lead the implementation of security checks in the CI / CD pipeline, as well as drive project team adoption of the same. You will work closely with both global Security team in the U.S and product (application) team to help implement security solutions that are tailored to the specific risks facing the organization, including and not limited to SAST, open source vulnerability management, and DAST.

You will play a meaningful role in maintaining the controls that enable our organization to operate efficiently, cost effectively, and within compliance standards. You will also assist others in interpreting, understanding, and applying security policies and best coding practices to mitigate information security risks.

This role comes with these exciting opportunities:

? Building security pipeline from the start

? Driving the DevSecOps program by influencing development, product, and management teams

More specifically, you will:

? Evaluate & tune application security tools.

? Integrate application security tools in the CI / CD pipeline.

? Define, refine, and drive security policies on top of the application security tools, with the goal of increasing development team adoption and improving application security.

? Educate & support development team for security tools adoption and code fixes.

? Create metrics & reporting that communicates the results of DevSecOps activities.

? Actively participate in the governance process associated with application security and technology standards.

What are we looking for?

We believe the success in this role will demonstrate itself through the following attributes and skills:

? Five (5) to seven (7) years' experience in the Information Technology/Information Security industry with solid understanding of Computer Science fundamentals

? Experience with at least one of the following programming languages - Java, Kotlin, ObjectC, Swift, JavaScript

? Knowledge of two or more of the following technologies: SAST, Software Composition Analysis, DAST, Docker security

? Experience working with development methodologies (e.g., Waterfall, Agile)

? Social communicators, who will communicate effectively at all levels

? Dedicated, ambitious individual with good time management and attention to detail

? Familiarity with industry standards, guidelines, and regulatory compliance requirements related to information security and cloud computing (e.g., GDPR, ISO 27001, Cloud Security Alliance, NIST 800-53, PCI DSS, SOC2, China Cyber Security Law, Multi Level Protection Scheme) will be added advantage

Softtek是全球领先的信息技术和业务流程解决方案提供商，我们来自墨西哥，目前是拉美地区以及近岸地区排名***的IT解决方案公司。
公司成立于1982年在全球有30多个分公司和办事处，全球员工近13000名。全球目前建有9个交付中心；在中国有自己的开发团队，研发中心。中国总部设在无锡， 上海、北京、广州、深圳设有分公司。

公司主页：***************
公司地址：浦东南路855号世界广场16i
公司电话：58772288