Position: Application/Secure SDLC and DevOps Auditor
Location: Noida/ Gurugram/Mumbai/Coimbatore
Job Type: Full-time
Experience Level: 5-7 Years
Reporting To: Associate Director (Information & Cybersecurity Office)
Role Overview
We are seeking a versatile Application/Secure SDLC and DevOps Auditor to ensure the security and compliance of applications and DevOps pipelines across the Software Development Life Cycle (SDLC). This role combines expertise in secure coding practices, application security testing, and DevOps auditing to align the organization’s development and deployment processes with industry standards and regulatory requirements.
Key Responsibilities
1. Audit and Assessment
- Conduct in-depth audits of application development and DevOps processes, focusing on security, compliance, and best practices.
- Review application architectures, DevOps pipelines, and source code for vulnerabilities.
- Assess adherence to standards like OWASP, ISO 27001, NIST, PCI DSS, and DevSecOps frameworks.
2. Secure SDLC and DevOps Integration
- Evaluate the integration of security controls within the SDLC and DevOps pipelines (CI/CD).
- Recommend and implement security enhancements for secure development and deployment practices.
3. Application and Pipeline Security Testing
- Perform SAST, DAST, and manual application security testing.
- Conduct vulnerability assessments of DevOps tools, processes, and third-party integrations.
- Assess container and infrastructure security, including Kubernetes and Docker configurations.
4. Compliance and Documentation
- Ensure compliance with internal security policies and external regulatory frameworks.
- Create and maintain audit reports, risk assessments, and action plans for remediation.
5. Training and Awareness
- Conduct workshops and training for development and DevOps teams on secure coding, application security, and DevSecOps practices.
- Promote a security-first mindset in development and operations teams.
6. Incident Support
- Assist in forensic analysis and remediation of application or DevOps-related security incidents.
- Provide post-incident reviews and recommendations for enhanced security measures.
Required Qualifications and Skills
Education:
- Bachelor’s degree in Computer Science, Information Security, or a related field.
Certifications (Preferred):
- Certified Ethical Hacker (CEH)
- Certified Secure Software Lifecycle Professional (CSSLP)
- GIAC Web Application Penetration Tester (GWAPT)
- AWS Certified DevOps Engineer or Azure DevOps Engineer
- Certified Information Systems Security Professional (CISSP)
Technical Skills:
- Strong understanding of secure coding standards, DevSecOps principles, and best practices.
- Hands-on experience with SAST/DAST tools (e.g., Checkmarx, Veracode, Burp Suite).
- Proficiency in programming languages such as Java, .NET, Python, or JavaScript.
- Expertise in CI/CD tools and platforms like Jenkins, GitLab CI/CD, Azure DevOps, or AWS CodePipeline.
- Knowledge of container security (Docker, Kubernetes) and cloud security frameworks (AWS, Azure, GCP).
Preferred Experience
- 5–7 years of experience in application security auditing, secure SDLC, or DevOps security roles.
- Familiarity with Infrastructure-as-Code (IaC) tools like Terraform and Ansible.
- Hands-on experience with vulnerability management, threat modeling, and penetration testing.
- Knowledge of compliance frameworks such as ISO 27001, GDPR, CCPA, HIPAA, or SOX.
Key Competencies
- Strong analytical and problem-solving skills.
- Excellent communication and documentation abilities.
- High attention to detail with the ability to work independently.
- Effective collaboration with cross-functional teams, including development, operations, and security.