hero

Portfolio Company Careers

Discover career opportunities across PFG's network of portfolio companies

Sr. Staff Engineer DevSecOps

Sierra Wireless

Sierra Wireless

Pune, Maharashtra, India
Posted on Dec 20, 2024

Responsibilities:

DevSecOps Strategy:

  • Implement the Semtech DevSecOps strategy to integrate security seamlessly into the software development lifecycle.

  • Collaborate with cross-functional teams to establish and maintain secure coding standards, continuous integration, and continuous delivery pipelines.

DevSecOps Planning:

  • Establish clear project security goals and objectives, defining and prioritizing security requirements to align with organizational objectives.

  • Identify and assess potential security risks and threats, developing a comprehensive threat model for the application.

  • Set up a robust security governance structure within the project, implementing a security architecture plan and documenting all aspects of the planning process for future reference.

Security Automation:

  • Evaluate, implement, and manage security tools and technologies within the DevOps toolchain to automate security testing, vulnerability scanning, and compliance checks.

  • Ensure the tools are effectively utilized to identify and remediate security vulnerabilities early in the development process.

  • Drive the automation of security controls and processes to enhance efficiency and reduce manual intervention.

  • Implement automated security testing, code analysis, and deployment validation to maintain a high level of security without impeding development velocity.

  • Develop and maintain automated security processes for infrastructure as code (IaC) deployments.

Operations & Monitor:

  • Maintain an incident response plan specific to DevOps processes, ensuring rapid identification, containment, eradication, and recovery from security incidents.

  • Collaborate with incident response teams to integrate DevOps-related incidents into the overall organizational response plan.

  • Implement security monitoring and adhere to incident response procedures to detect and respond swiftly to security incidents.

  • Set up automated log and event monitoring, continuously updating and patching all components across production, pre-production, and development environments to minimize vulnerabilities.

  • Monitor all environments (Prod, Pre-Prod, Dev) for security events.

  • Review and update access controls, permissions, and security policies regularly, documenting all monitoring practices for reference and improvement.

  • Working closely with DevOps to update and patch all components in all environments to address known vulnerabilities and enhance overall security

Continuous Learning:

  • Stay current with industry trends, emerging threats, and security technologies.

  • Implement a culture of continuous learning within the team, encouraging certifications, training, and knowledge sharing.

Minimum Qualifications:

  • Bachelor's degree in computer science, information technology, or a related field (master's degree preferred).

  • Extensive experience in cloud architecture and strategy with a proven track record of successful cloud adoption.

  • Proven experience as a DevSecOps Engineer in AWS cloud environments.

  • Strong understanding of cloud security principles and best practices.

  • Hands-on experience with security tools such as AWS Security Hub, WAF, and third-party security solutions.

  • Proficiency in scripting and automation languages (e.g., Python, Shell, PowerShell).

  • Experience with CI/CD tools and practices such as GitHub actions, Chef, Anisble, Salt, Puppet,etc.

  • Knowledge of containerization and orchestration technologies (e.g., Docker, Kubernetes).

  • Certifications: AWS Certified Security – Specialty, Certified DevOps Engineer, or Certified Information Systems Security Professional (CISSP).

  • Strong analytical and problem-solving skills.