Position Overview:
As a Platform Security Engineer, you will be responsible for safeguarding the organization’s platform and infrastructure by implementing and managing security practices throughout the software development lifecycle. You will collaborate with development, infrastructure, and security teams to ensure that security is integrated into every aspect of our DevOps processes. This includes implementing robust security measures, conducting risk assessments, and ensuring compliance with security policies and standards. Your expertise will be instrumental in identifying vulnerabilities, automating security controls, and maintaining compliance with industry standards.
Key Responsibilities:
· Security Integration: Collaborate with development and operations teams to integrate security into the CI/CD pipeline and ensure security is considered at every stage of the software development lifecycle.
· Security Architecture: Design and implement security architecture for platforms, ensuring that security is integrated into the overall infrastructure design.
· Vulnerability Management: Conduct regular security assessments, vulnerability scans, and penetration testing to identify and remediate security issues.
· Automation of Security Controls: Develop and implement automated security controls, monitoring, and alerting systems to enhance security posture.
· Edge Security: Secure the edge layer by configuring and maintaining the CDN and WAF.
· Compliance and Governance: Ensure compliance with relevant regulations and standards (e.g., GDPR, PCI-DSS) and assist in maintaining security certifications.
· Collaboration and Training: Work closely with cross-functional teams to promote security awareness and provide training on secure coding practices and security tools.
· Tool Evaluation and Implementation: Evaluate, recommend, and implement security tools and technologies that enhance the security of the DevOps pipeline.
· Documentation: Maintain comprehensive documentation of security policies, procedures, and best practices.
Technical Skills:
· DevOps Practices: Strong understanding of DevOps principles and practices, including CI/CD pipelines, infrastructure as code (IaC), and containerization (e.g., Docker, Kubernetes).
· Security Tools: Proficiency in security tools such as static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and security information and event management (SIEM) solutions.
· Cloud Security: Experience with securing cloud-native environments and understanding of K8s security best practices.
· Programming/Scripting: Proficiency in programming/scripting languages (e.g., Python, Bash, Go) for automation and tool development.
· Network Security: Solid understanding of network security concepts, firewalls, VPNs, and intrusion detection/prevention systems (IDS/IPS).
· Compliance Frameworks: Familiarity with compliance frameworks and standards such as PCI-DSS, ISO 27001, and CIS benchmarks.