Domain Expert - Systems Job in Asian Paints

Position: Domain Expert - Systems (DevSecOps)

Location: Mumbai

Area of Work: Systems

Job Purpose

The DevSecOps Domain Expert will be responsible for ensuring the security, efficiency, and reliability of DevSecOps processes across the development lifecycle. You will play a pivotal role in integrating security into the CI/CD pipeline and promoting the adoption of best practices throughout the software development and change management processes. Expertise in Process Automation is a plus, aimed at boosting productivity, consistency, and speed within DevSecOps operations.

Key Responsibilities

DevSecOps

• Implement, manage, and optimize security automation practices within DevOps pipelines to ensure secure software development and deployment.
• Collaborate with Development and Security teams to integrate security seamlessly into the DevOps workflow.

Application Security

• Identify, assess, and mitigate vulnerabilities within applications, ensuring adherence to security policies, standards, and best practices.
• Conduct threat modeling, vulnerability assessments, and risk analysis for DevSecOps processes to identify potential security gaps and recommend appropriate solutions.
• Provide security guidance to development teams, promoting secure coding practices and reviewing security standards.

Collaboration & Training

• Embed security best practices across the SDLC (Software Development Life Cycle), ensuring that security is considered at every stage of development.
• Mentor and train developers on secure coding principles, helping them implement industry-standard security practices within their code.

Automation & Tooling

• Design, build, and maintain automated pipelines that integrate security tools, such as SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and vulnerability management tools.
• Ensure that security tools are continuously updated and effectively incorporated into the CI/CD pipeline.

Monitoring & Governance

• Establish and maintain comprehensive monitoring systems for DevSecOps onboarding, deployment, and runtime application security.
• Collaborate with cross-functional teams to manage incidents, respond to security alerts, and conduct investigations related to application security.
• Document and update policies and procedures for secure development and deployment practices.

Continuous Improvement

• Stay abreast of industry trends and emerging technologies in DevSecOps and application security.
• Identify areas for improvement in security processes, aiming to enhance efficiency, scalability, and overall security posture.

Qualifications & Experience

Education

• Essential: BE (Computer Science/IT), MCA, or a Master s Degree in Computer Science/IT.

Experience

• Overall Experience: 8+ years in the technology field, with at least 3 years of experience specifically in DevSecOps and Application Security.
• Technical Skills:
  • Proficiency with CI/CD tools like Jenkins, GitLab, etc.
  • Experience with security tools like F5, Fortify, SonarQube, etc.
  • In-depth understanding of secure coding practices and application security testing methodologies.