DevSecOps Lead
A DevSecOps Lead is responsible for objectives including but not limited to the following: building and optimising CI/CD flow, performing security audits of code bases and infrastructure, managing security alerts and incidents, coordinating remediation efforts across development and operations teams...
Ensure 99.9% system uptime
Ensure 100% RCA and futureproofing with actions for any downtime exceeding 5 minutes
Configure a status page which is visible to customers to check uptime status
Do system load testing with 2x the maximum load
Ensure 100% A/B testing for new commits
Implement a mechanism to communicate planned maintenance downtime {48} hours in advance
Implement a server monitoring tool (e.g. Pingdom) and ensure alerts are acted upon by the assigned person
Obtain clean VAPT reports every 6 months
Receive clean VAPT report by {date}
Ensure fixes for all High, Medium & Low Vulnerabilities by {date}
Complete VAPT by {date}
Finalize scope of VAPT of application, APIs, integrations etc.
Evaluate 3 different vendor partners and finalize a partner for conducting testing
Ensure coverage of 80% for all new commits after implementing the scanning tool
Implement static code analysis tool/SAST e.g. SonarQube by {date}
Implement BCP/DR
Ensure RTO time limits are met in 100% of the DR dry runs
Perform 1 quarterly DR run and document RTO time and outcomes
Perform DR dry run on the BCP location with the defined RTO
Launch BCP Policy & define RTO
Evaluate and finalise BCP location
Implement robust data backup process
Fix failed backup processes within 24 hours TAT
Deploy jobs to monitor and verify all data backups every {week/month/year}
Implement encryption (AES 256) and weekly backup of all non-critical data
Implement encryption (AES 256) and daily backup of all critical data repositories
Identify and document critical data repositories
Implement GDPR Privacy Controls
Implement GDPR compliance monitoring tool by {date}
Receive certification by {date}
Complete external audit by {date}
Fix all gaps by {date}
Complete initial gap analysis by {date}
Evaluate 3 different vendor partners and finalize a partner
Obtain SOC 2 Type 2 Certification
Collaborate with Sales team to ensure communication with customers and leads
Receive certification by {date}
Complete external audit by {date}
Conduct internal SOC 2 Type 2 audit by {date}
Ensure 100% proof of policies setup for SOC 2 are being updated and uploaded
Implement SOC 2 compliance monitoring tool (e.g. Laikaa) by {date}
Obtain SOC 2 Type 1 Certification
Receive certification by {date}
Complete external audit by {date}
Fix all gaps by {date}
Complete initial gap analysis by {date}
Evaluate 3 different vendor partners and finalize a partner