CYBER Security Devsecops Specialist Kinshasa, Congo, Democratic Cyber Security

Position: CYBER SECURITY DEVSECOPS SPECIALIST Kinshasa, Congo, the Democratic Republic of the Cyber Security
Location: Germany

## CYBER SECURITY DEVSECOPS SPECIALISTKinshasa, Congo, the Democratic Republic of the##
** ROLE PURPOSE
** The Dev Sec Ops  Specialist will be crucial in integrating security practices within the Dev Ops process, ensuring our organisation's software and infrastructure are safeguarded from evolving cyber threats.
* The primary responsibility of the Dev Sec Ops  Specialist will be to identify security risks through threat modelling, develop robust mitigation strategies, and implement advanced security measures throughout the software development lifecycle.
* Key duties include application threat modelling, assessing code and applications to ensure they are vulnerability-free before being shipped to production environments in alignment with the organisation's Secure-by-Design framework.
* Responsibilities will also encompass maintaining the security of application or APIs throughout the product lifecycle, consistent with the Dev Sec Ops  continuum and internal security standards.
* Additional tasks involve monitoring and securing the CI/CD pipeline, conducting comprehensive security audits, responding to and investigating security incidents, and establishing/enforcing stringent security protocols.
* Furthermore, the Dev Sec Ops  Specialist will provide security expertise to development and operations teams, fostering a culture of security awareness and adherence to best practices.
Staying current on the latest cyber threats and security technologies is essential for effectively protecting the organisation's assets.
* Proficiency in fundamental programming languages such as JavaScript (React JS, Next JS, Angular JS), Node JS, Golang, Python and Java is a prerequisite. Additionally, C++, C#, scripting skills in Bash and Power Shell are considered a plus.
* Experience with cloud platforms like AWS, Azure, Google Cloud Platform (GCP), and IBM Cloud is essential, along with an understanding of cloud security best practices relevant to these environments.
* Knowledge of containerization and orchestration solutions, including Docker, Kubernetes, and Open Shift, is important. An appreciation of the security aspects of containerization, such as image scanning and runtime security, is highly valued.
* Candidates should have exposure to CI/CD pipeline tools like Jenkins, Git Hub Actions Git Lab CI/CD, Circle

CI, and Travis CI and experience integrating security into CI/CD pipelines.
Knowledge of Infrastructure as Code (IaC) using tools like Terraform, Cloud Formation, Ansible, Chef, and Puppet is necessary, with a desirable understanding of security practices in IaC environments.
* Extensive exposure to security tools and technologies is required. This includes Static Application Security Testing (SAST) tools like Sonar Qube and Checkmarx, Dynamic Application Security Testing (DAST) tools like OWASP ZAP and Burp Suite, Software Composition Analysis (SCA) tools like White Source (Mend.io) and Snyk, and Runtime Application Self-Protection (RASP) tools.
* A solid appreciation of network security, including firewalls, VPNs, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS), is essential. An understanding of network protocols and security, such as TCP/IP, HTTP/HTTPS, Network zoning model and SSL/TLS, is also important.
* An understanding of threat modelling and vulnerability management is required, as well as experience using tools like the Microsoft Threat Modeling Tool, OWASP Threat Dragon, and vulnerability scanners like Nessus and Qualys.
* The ability to implement application monitoring and logging tools like Splunk, the ELK Stack (Elasticsearch, Logstash, Kibana), Prometheus, and Grafana is necessary.##
** CORE RESPONSIBILITIES MANAGEMENTS
*** Knowledge of integrating with Security Information and Event Management (SIEM) tools is also desirable.
* Some exposure to Identity and Access Management (IAM) tools like Okta, Auth0, AWS IAM, and Azure AD is preferred. Knowledge of Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) is critical.
* An understanding of databases, including relational databases like Oracle, MySQL, Postgre

SQL, and SQL Server, is preferred and No

SQL database as well such as Mongo

DB and Kassandra DB. This includes the ability to construct efficient queries, optimize database performance, and ensure data integrity and security.
* Additionally, a good understanding of secure development and assessment of application programmable interfaces (APIs) is a critical skill.
* This involves knowledge of RESTful and SOAP APIs, implementing secure API authentication and authorization mechanisms, and conducting regular security assessments to identify and mitigate potential vulnerabilities##
** QUALIFICATION AND EXPERIENCE
*** Minimum of 3-5 years of experience in Cyber Security
* Bachelor's degree in computer science, information technology, cyber security, or a related field.
* Security-related certifications such as Dev Ops Institute's Dev Sec Ops  Foundation;
Certified Kubernetes Security…