Foundation AI

Designation: DevSecOps Engineer

Location: Hyderabad

Work Mode: Office

Reporting to: Associate Director- DevOps

About the Role: As a DevSecOps Engineer at Foundation AI, you'll lead efforts to enhance security for infrastructure and products. You'll need technical expertise in identifying and addressing security vulnerabilities, ensuring compliance, and integrating security best practices across the development lifecycle. Your role also involves collaborating with cross-functional teams to embed security throughout the development process.

Responsibilities:

● WorkLocation Commitment: As a DevSecOps Engineer, you'll be expected to work from our office in Hyderabad. This reflects our preference for in-person collaboration and a commitment to team cohesion.

● Rich Industry Experience: You should possess a substantial 3-6 years of experience in DevSecOps and DevOps & should have worked for product-based companies (Startup/Scaleup). This extensive experience underscores your ability to navigate complex DevsecOps challenges effectively.

● Infrastructure as Code (IaC) Security: Ensuring that application configurations are secure and compliant with security policies. Performing security checks on infrastructure code (e.g., Terraform, CloudFormation) to ensure that resources are provisioned securely.

● Operating System Expertise: Your command over operating systems is particularly vital, with a strong emphasis on Linux. This expertise ensures a solid foundation for managing and optimizing system-level operations.

● DevSecOpsMethodology: By incorporating security into the DevOps workflow, DevSecOps aims to identify and mitigate security vulnerabilities more effectively, reduce the risk of security breaches, and accelerate the delivery of secure software.

● Static Application Security Testing (SAST): Scanning the code for security vulnerabilities using tools like SonarQube, Checkmarx, or Fortify as part of the build process.

● DynamicApplication Security Testing (DAST): Conducting security testing on running applications to find vulnerabilities that attackers can exploit. Tools like OWASP ZAP or Burp Suite can be integrated into the pipeline

. ● Effective Communication and Collaboration: Exceptional communication and collaboration skills are essential. You'll work closely with cross-functional teams, bridging the gap between development and operations, and ensuring smooth coordination.

● Cloud-Native Proficiency: Knowledge of security tools specific to cloud-native environments, such as container security scanners, cloud security posture management (CSPM) tools, and cloud workload protection platforms (CWPP).

● Understanding Distributed Computing: A solid grasp of Distributed Computing principles is fundamental. It enables you to design and implement systems that can handle complex, distributed workloads effectively.

● CodingProwess: Your coding skills, particularly in Bash Shell Scripting and Python, will play a pivotal role. These skills empower you to automate tasks and develop tools to enhance system reliability and efficiency.

 Role:

● AssistSDEsandDevOpsteamsonsecuredeploymentandbestpractices. ● CreateaKnowledgebaseonsecurityvulnerabilitiesandtestcases.

● PerformsecuritytestingonWebandMobileassetsthroughachecklist

● WorkcloselywiththeProduct teamandSDE/QAtofixvulnerabilities/ issues faced by customers

● Performredteamandphishingexercisestoimprovesecurityposture

● Assist/mentor teammates on security test cases and day-to-day activities

● Workonincidentmanagementandthird-partysecurityreports

● Initiateandimproveresponsibledisclosure/Bugbountyprogram

●Brownbagsessionsandpresentationstothetechteamonsecuritybestpractices and improvements

● Work closely with business stakeholders and influence the security policy of the org .