Professional DevSecOps Architect

PURPOSE:

The primary purpose of the role is to review team practices and governance controls to identify and report security vulnerabilities, undertake quality analysis on java applications, and manage technology-related reporting to regulatory bodies.

KEY ACCOUNTABILITY:

• Lead the ongoing review of processes, governance, and application health to identify risks and vulnerabilities, raise and escalate them appropriately, including reporting to regulatory bodies.
• Understand and advise on code/design/test quality and standards to meet standards concerning APRA/PCI-DSS, IT policies, standards, and key controls.
• Provide strategic direction and subject matter expertise for wide adoption of DevSecOps automation and integration into DevOps ToolChains (Bamboo/Sonar/NexusIQ/Ansible).

REQUIREMENTS

• Extensive experience in Java development (J2EE, Spring), Web services (SOAP, XML, REST), Web development (Angular, HTML, JavaScript, JSP ORM (Hibernate) and business rules engines.
• Expert understanding of web security, OWASP top 10, PCI-DSS, and defensive programming.
• Experience with risk management and classification and reporting.
• Experience with dynamic and static security scanning tools (Eg AppScan, Nexus IQ, Sonar).
• Experience in working on structured ‎‎(Iterative or Agile Scrum) SDLC process‎es.
• Experience with design skills in OO Design, UML, domain modeling, etc.
• Understand CI/CD techniques and be able to apply across a toolchain including GIT, Bamboo, Jenkins, Ansible.
• Familiarity with cloud providers (AWS/Azure), containers, spring boot, and container platforms such as Kubernetes or OpenShift.
• Experience in delivering software projects into production environments in Insurance or Financial Services organizations.