DevSecOps Analyst/ Sr. Analyst
On-site Cairo, Cairo Governorate, Egypt 0036
Description
1. Collaborate with cross-functional teams to integrate security practices into development processes.
2. Provide guidance and support on secure coding practices, secure design principles, and security risk mitigation.
3. Conduct security assessments to identify and address potential security risks.
4. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in the industry and with emerging trends and technologies in the DevSecOps field in order to make recommendations for improving the organization's processes.
5. Evaluate and recommend security tools and technologies to enhance the security posture of the organization and within the CI/CD pipeline.
6. Ensure the confidentiality, integrity, and availability of an organization's information systems and data.
7. Develop and implement security strategies, policies, and procedures to protect the organization's information assets from unauthorized access, misuse, and potential threats.
8. Monitor and analyze the security metrics within the development lifecycle in a DevSecOps capacity.
9. ensure timely delivery of security requirements as a top priority at every stage of the development lifecycle.
10. Responsible for the security of the software development process, including automating scans, code verification, and developing security protocol to protect sensitive data and ensure proper prevention against cyber threats.
11. support in secure coding practices, secure design principles, and security risk mitigation.
12. Collaborate with both development and operations teams to create a seamless flow of work and maintain an agile workflow.
13. Ensure continuous integration and delivery (CI/CD) processes are followed, promoting the speedy release of high-quality software.
14. Perform Dynamic and Static Application Security Testing and support on secure coding practices, secure design principles, and security risk mitigation
15. Participate, develop and recommend improvements to policies, processes and procedures and manage their implementation to ensure all relevant procedural / legislative requirements are fulfilled.
16. Follow the day-to-day operations related to own jobs in the Information Security Management department to ensure continuity of work.
17. Ensure compliance with relevant laws, regulations, and industry standards (e.g., CBE, PCI-DSS, ISO 27001).
Requirements
§ Bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is preferred.
§ 3-5 years of proven experience in a similar security-focused role.
§ Strong knowledge of secure coding practices, secure design principles, and common security vulnerabilities.
§ Familiarity with agile development methodologies and experience integrating security into agile processes.
§ Knowledge of industry regulations and standards such as ISO 27001, NIST, OWASP, etc.
§ Experience conducting security assessments, vulnerability testing, and risk assessments.
§ Familiarity with security tools and technologies such as vulnerability scanners, code analysis tools, etc.
Recommended Certification:
§ CISSP
§ CISM
§ CSSLP
§ GIAC Cloud Security Automation (GCSA)
§ Certified DevSecOps Engineer (CDSOE)
§ Certified DevSecOps Professional (CDP)
§ DevSecOps Engineering (DSOE)
§ Certified Ethical Hacker (CEH) Offensive Security Defense Analyst (OSDA)
Skills
§ Excellent communication and collaboration skills
§ Strong problem-solving and analytical skills
§ Proficient verbal and written English
§ Ability to manage and prioritize tasks
§ Knowledge of top-level cybersecurity subjects and issues
§ Ability to research threats and draw up logical conclusions through well-thought-out, unbiased processes
§ Ability to troubleshoot and solve problems
§ Ability to learn new technologies quickly
§ Ability to bring together data from diverse sources and articulate it into simple and concise information
