DevSecOps Manager
On-site Cairo, Cairo Governorate, Egypt 0036
Description
1. Lead the monitoring and analysis of security metrics within the development lifecycle in a DevSecOps capacity.
2. Manage to ensure timely delivery of security requirements as a top priority at every stage of the development lifecycle.
3. Review/identify security vulnerabilities and ensuring secure code practices are applied within the CI/CD pipeline at all times and across development sprints.
4. Oversee the effective implementation of security requirements and mandates throughout the whole end to end development lifecycle till the go-live, across all sprints in a change and release management security capacity.
5. Responsible for the security of the software development process, including automating scans, code verification, and developing security protocol to protect sensitive data and ensure proper prevention against cyber threats.
6. Provide guidance to secure coding practices, secure design principles, and security risk mitigation.
7. Conduct security assessments to identify and address potential security risks within the development lifecycle.
8. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in the industry and with the emerging trends and technologies in the DevSecOps field in order to make recommendations for improving the organization's processes.
9. Evaluate and recommend security tools and technologies within the CI/CD pipeline
10. Oversee the maintenance of the confidentiality, integrity, and availability of an organization's information systems and data.
11. Oversee the collaboration with both development and operations teams to create a seamless flow of work and maintain an agile workflow.
12. Ensure continuous integration and delivery (CI/CD) processes are followed, promoting the speedy release of high-quality software.
13. Evaluate and select tools, frameworks, and platforms that will help the team successfully execute their DevSecOps responsibilities.
14. Oversee the Dynamic and Static Application Security Testing and support on secure coding practices, secure design principles, and security risk mitigation
15. Developing and implementing security strategies, policies, and procedures to protect the organization's information assets from unauthorized access, misuse, and potential threats.
16. Participate and recommend improvements to policies, processes and procedures and manage their implementation to ensure all relevant procedural / legislative requirements are fulfilled.
17. Supervise the day-to-day operations of Information Security Management team providing some guidance in the related area, encouraging teamwork and facilitating related professional work processes in order to achieve high performance standards.
18. Providing regular training and guidance to team members to help develop and maintain their skills, as well as promoting a culture of collaboration and continuous learning.
19. Lead and manage a team of security professionals responsible for various security functions.
20. Provide guidance, mentoring, and professional development opportunities to team members.
21. Foster a collaborative and high-performance work environment.
22. Ensure compliance with relevant laws, regulations, and industry standards (e.g., CBE, PCI-DSS, ISO 27001).
Requirements
§ Bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is preferred.
§ 8-10 years of proven experience as a Security Manager or in a similar security-focused role.
§ Strong knowledge of secure coding practices, secure design principles, and common security vulnerabilities.
§ Familiarity with agile development methodologies and experience integrating security into agile processes.
§ Knowledge of industry regulations and standards such as ISO 27001, NIST, OWASP, etc.
§ Experience conducting security assessments, vulnerability testing, and risk assessments.
§ Familiarity with security tools and technologies such as vulnerability scanners, code analysis tools (SAST/DAST), etc
Recommended Certification:
§ CISSP
§ CISM
§ CSSLP
§ GIAC Cloud Security Automation (GCSA)
§ Certified DevSecOps Engineer (CDSOE)
§ Certified DevSecOps Professional (CDP)
§ DevSecOps Engineering (DSOE)
§ Certified Ethical Hacker (CEH)
§ Offensive Security Defense Analyst (OSDA)
Skills
§ Excellent communication and collaboration skills
§ Strong problem-solving and analytical skills
§ Proficient verbal and written English
§ Ability to manage and prioritize tasks
§ Knowledge of top-level cybersecurity subjects and issues
§ Ability to research threats and draw up logical conclusions through well-thought-out, unbiased processes
§ Ability to troubleshoot and solve problems
§ Ability to learn new technologies quickly
§ Ability to bring together data from diverse sources and articulate it into simple and concise information
