Platform Security Specialist | DevSecOps
Platform Security Specialist | DevSecOps
Solliciteer direct op deze vacature
Samenvatting
Geplaatst in:Over deze vacature
As a Senior DevSecOps Engineer specializing in Security and Platform Hardening, you will be at the forefront of securing the software development lifecycle and the underlying infrastructure.
As a Senior DevSecOps Engineer specializing in Security and Platform Hardening, you will be at the forefront of securing the software development lifecycle and the underlying infrastructure. Your primary focus will be on enhancing the security posture of our RHEL (Red Hat Enterprise Linux) and Kubernetes (K8s) platforms whilve ensuring the continuous monitoring and hardening of these environments. You will collaborate closely with development teams to integrate robust security practices into every stage of the CI/CD pipeline, ensuring that our applications and platforms are resilient against emerging threats.
You will be employed by YER and seconded to our client. The offer includes:
- Good employee benefits
- Challenging assignments
- Excellent guidance from your consultant and YER's back office
- Development opportunities, including the YER Talent Development Programme with a personal coach
- Intensive support for international candidates (including Dutch lessons, tax-return and accommodation assistance)
- Cooperative and results and relationship-driven
- Friendly atmosphere and open culture
- Community/network with other technology professionals from a variety of multinationals
- Events and master classes with interesting speakers and attractive companies
In this role, you will be responsible for:
- Security Integration in CI/CD: Embedding security controls and practices into the CI/CD pipeline to ensure that security is maintained throughout the software development lifecycle.
- Platform Hardening: Leading efforts to harden RHEL and Kubernetes platforms, implementing best practices for secure configurations and minimizing attack surfaces.
- Continuous Monitoring: Utilizing and configuring monitoring tools like Splunk to maintain visibility into the security state of the infrastructure, detect anomalies, and respond to potential security incidents.
- Security Automation: Automating security checks and controls within the development and deployment processes, reducing manual intervention and ensuring consistency.
- Vulnerability Management: Regularly performing vulnerability scans, analyzing results, and applying patches or mitigation strategies to protect against threats.
- Risk Assessment: Conducting risk assessments and implementing appropriate security measures to safeguard both the application and the platform layers.
- Collaboration and Communication: Working closely with cross-functional teams, including developers, operations, and security specialists, to promote a culture of security across the organization.
Technical Environment
Your work will be in a diverse and dynamic environment, which includes:
- Operating Systems: Red Hat Enterprise Linux (RHEL)
- Containerization and Orchestration: Kubernetes, Docker
- IaC: Ansible, Terraform
- Cloud Platforms: Google Cloud Platform (GCP), Microsoft Azure
- Security Tools: HashiCorp Vault, Boundary, Consul, Terraform
- Monitoring Tools: Splunk ITSI, Enterprise Security, Grafana
- CI/CD Tools: GitHub Actions, Azure DevOps, Jenkins, GitLab
- Development Languages: Java, Python, Golang
Education and Experience
Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.
Experience:
- Minimum 7 years of relevant experience in IT security, specifically focused on securing software development and deployment pipelines.
- Proven expertise in hardening RHEL and Kubernetes environments.
- Strong background in using and configuring monitoring tools like Splunk for security purposes.
- Experience with automating security processes within CI/CD pipelines.
- Hands-on experience with security tools like HashiCorp Vault, Boundary, and Consul.
- Familiarity with cloud security, particularly within GCP environments.
- Relevant certifications such as CISSP, CISM, or security-focused DevOps certifications.
Skills and Competencies
- Security-First Mindset: Deep understanding of security principles and a passion for embedding security into every aspect of the software development lifecycle.
- Automation Expert: Ability to automate security processes and integrate them seamlessly into CI/CD pipelines.
- Platform Hardening: Expertise in hardening Linux and Kubernetes environments, ensuring that configurations adhere to security best practices.
- Monitoring and Response: Proficient in setting up and using monitoring tools like Splunk to detect and respond to security threats in real-time.
- Vulnerability Management: Skilled in identifying, assessing, and mitigating vulnerabilities within complex environments.
- Collaboration: Effective communicator with a strong ability to work across teams to foster a culture of security and continuous improvement.
- Adaptability: Ability to thrive in a fast-paced environment with evolving security challenges.
Zo verloopt een succesvolle sollicitatie:
Veelgestelde vragen over onze vacatures
Via YER kom je in contact met inspirerende organisaties door heel Nederland en daarbuiten. Staat jouw vraag er niet tussen? Neem dan contact op met ons team.
Voor kandidaten zijn er verschillende contractvormen mogelijk. Ben je een starter dan geeft een YER-traineeship je de mogelijkheid om kennis te maken met interessante werkgevers. Met een detacheringscontract van YER ben je als professional op tijdelijke basis verbonden aan een opdrachtgever. In beide gevallen kun je na afloop van je YER-contract in dienst treden bij de werkgever. Ben je een ervaren specialist, manager of directielid dan brengen onze consultants je direct in contact met interessante organisaties. Afhankelijk van de vacature krijg je een tijdelijk of vast contract, of je gaat aan de slag als interimmer.
Onze consultantteams zijn gespecialiseerd in een veelheid aan branches en vakgebieden. Wil je weten welke vacatures of carrièremogelijkheden wij voor jouw specialisme bieden, neem dan contact op voor een oriënterend gesprek.
In welke carrièrefase je ook zit, wij begeleiden je bij iedere stap en verbinden je aan vooraanstaande werkgevers door heel Nederland. Met onze uitgebreide netwerk, focus op ontwikkeling en persoonlijke begeleiden wij kandidaten bij het waarmaken van hun ambities. Meer weten? Ontdek wat wij voor jou als kandidaat kunnen betekenen.
Wij verzamelen je persoonsgegevens vanaf het moment dat je ze invult of achterlaat op onze website, of je op andere wijze aanmeldt of wordt aangemeld om gebruik te maken van onze dienstverlening. De gegevens die via het gebruik van deze website worden verzameld, zullen alleen worden verwerkt en bijgehouden, zoals beschreven in onze Privacy Statement. Wij zetten ons in voor de bescherming van je privacy en de veiligheid van je gegevens, en respecteren alle wet- en regelgeving inzake privacy.
Ook interessant...
Via YER kom jij in contact met inspirerende vacatures. Je kijkt bij allerlei werkgevers in de keuken en verbreedt je horizon. Ons netwerk aan opdrachtgevers is groot en groeit iedere dag.