
DevSecOps Lead

A DevSecOps Lead is responsible for objectives including but not limited to the following: building and optimising the CI/CD flow, performing security audits of code bases and infrastructure, managing security alerts and incidents, coordinating remediation efforts across development and operations teams...

Objective: Obtain SOC 2 Type 1 Certification

- Evaluate 3 different vendor partners and finalize a partner
- Complete initial gap analysis by {date}
- Fix all gaps by {date}
- Complete external audit by {date}
- Receive certification by {date}

Objective: Obtain SOC 2 Type 2 Certification

- Implement a SOC 2 compliance monitoring tool (e.g. Laikaa) by {date}
- Ensure 100% of the evidence for the SOC 2 policies is kept updated and uploaded
- Conduct an internal SOC 2 Type 2 audit by {date}
- Complete external audit by {date}
- Receive certification by {date}
- Collaborate with the Sales team to ensure communication with customers and leads

Objective: Implement GDPR Privacy Controls

- Evaluate 3 different vendor partners and finalize a partner
- Complete initial gap analysis by {date}
- Fix all gaps by {date}
- Complete external audit by {date}
- Receive certification by {date}
- Implement a GDPR compliance monitoring tool by {date}

Objective: Implement a robust data backup process

- Identify and document critical data repositories
- Implement encryption (AES-256) and daily backups of all critical data repositories
- Implement encryption (AES-256) and weekly backups of all non-critical data
- Deploy jobs to monitor and verify all data backups every {week/month/year}
- Fix failed backup processes within a 24-hour TAT

Objective: Implement BCP/DR

- Evaluate and finalise the BCP location
- Launch the BCP policy and define the RTO
- Perform a DR dry run at the BCP location against the defined RTO
- Perform 1 DR run per quarter and document the RTO time and outcomes
- Ensure RTO time limits are met in 100% of the DR dry runs

Objective: Obtain clean VAPT reports every 6 months

- Implement a static code analysis (SAST) tool, e.g. SonarQube, by {date}
- Ensure 80% coverage of all new commits after implementing the scanning tool
- Evaluate 3 different vendor partners and finalize a partner for conducting testing
- Finalize the scope of the VAPT: application, APIs, integrations etc.
- Complete VAPT by {date}
- Ensure fixes for all High, Medium and Low vulnerabilities by {date}
- Receive a clean VAPT report by {date}

Objective: Ensure 99.9% system uptime

- Implement a server monitoring tool, e.g. Pingdom, and ensure alerts are acted upon by the assigned person
- Implement a mechanism to communicate planned maintenance downtime {48} hours in advance
- Ensure 100% A/B testing for new commits
- Do system load testing at 2x the maximum load
- Configure a status page visible to customers for checking uptime status
- Ensure 100% RCA and future-proofing actions for any downtime exceeding 5 minutes