
DevSecOps Lead

A DevSecOps Lead is responsible for objectives including, but not limited to, the following: building and optimising the CI/CD flow, performing security audits of code bases and infrastructure, managing security alerts and incidents, coordinating remediation efforts across development and operations teams...

Objective: Obtain SOC 2 Type 1 Certification

- Evaluate 3 different vendor partners and finalize a partner
- Complete initial gap analysis by {date}
- Fix all gaps by {date}
- Complete external audit by {date}
- Receive certification by {date}

Objective: Obtain SOC 2 Type 2 Certification

- Implement a SOC 2 compliance monitoring tool (e.g. Laika) by {date}
- Ensure 100% of the evidence for the SOC 2 policies is being updated and uploaded
- Conduct internal SOC 2 Type 2 audit by {date}
- Complete external audit by {date}
- Receive certification by {date}
- Collaborate with the Sales team to ensure communication with customers and leads

Objective: Implement GDPR Privacy Controls

- Evaluate 3 different vendor partners and finalize a partner
- Complete initial gap analysis by {date}
- Fix all gaps by {date}
- Complete external audit by {date}
- Receive certification by {date}
- Implement a GDPR compliance monitoring tool by {date}

Objective: Implement a robust data backup process

- Identify and document critical data repositories
- Implement encryption (AES-256) and daily backups of all critical data repositories
- Implement encryption (AES-256) and weekly backups of all non-critical data
- Deploy jobs to monitor and verify all data backups every {week/month/year}
- Fix failed backup processes within a 24-hour TAT

Objective: Implement BCP/DR

- Evaluate and finalize the BCP location
- Launch the BCP policy and define the RTO
- Perform a DR dry run at the BCP location against the defined RTO
- Perform 1 DR run per quarter and document the RTO time and outcomes
- Ensure RTO time limits are met in 100% of the DR dry runs

Objective: Obtain clean VAPT reports every 6 months

- Implement a static code analysis (SAST) tool, e.g. SonarQube, by {date}
- Ensure 80% scan coverage for all new commits after implementing the scanning tool
- Evaluate 3 different vendor partners and finalize a partner for conducting testing
- Finalize the scope of the VAPT (application, APIs, integrations, etc.)
- Complete VAPT by {date}
- Ensure fixes for all High, Medium and Low vulnerabilities by {date}
- Receive clean VAPT report by {date}

Objective: Ensure 99.9% system uptime

- Implement a server monitoring tool, e.g. Pingdom, and ensure alerts are acted upon by the assigned person
- Implement a mechanism to communicate planned maintenance downtime {48} hours in advance
- Ensure 100% A/B testing for new commits
- Perform system load testing at 2x the maximum load
- Configure a customer-visible status page for checking uptime status
- Ensure 100% RCA, with future-proofing actions, for any downtime exceeding 5 minutes