DevSecOps Lead

A DevSecOps Lead is responsible for objectives including but not limited to the following: building and optimising CI/CD flow, performing security audits of code bases and infrastructure, managing security alerts and incidents, coordinating remediation efforts across development and operations teams...

Ensure 99.9% system uptime

Ensure 100% RCA and futureproofing with actions for any downtime exceeding 5 minutes
Configure a status page which is visible to customers to check uptime status
Do system load testing with 2x the maximum load
Ensure 100% A/B testing for new commits
Implement a mechanism to communicate planned maintenance downtime {48} hours in advance
Implement a server monitoring tool (e.g. Pingdom) and ensure alerts are acted upon by the assigned person

Obtain clean VAPT reports every 6 months

Receive clean VAPT report by {date}
Ensure fixes for all High, Medium & Low Vulnerabilities by {date}
Complete VAPT by {date}
Finalize scope of VAPT of application, APIs, integrations etc.
Evaluate 3 different vendor partners and finalize a partner for conducting testing
Ensure coverage of 80% for all new commits after implementing the scanning tool
Implement static code analysis tool/SAST (e.g. SonarQube) by {date}

Implement BCP/DR

Ensure RTO time limits are met in 100% of the DR dry runs
Perform 1 quarterly DR run and document RTO time and outcomes
Perform DR dry run on the BCP location with the defined RTO
Launch BCP Policy & define RTO
Evaluate and finalise BCP location

Implement robust data backup process

Fix failed backup processes within a 24-hour TAT
Deploy jobs to monitor and verify all data backups every {week/month/year}
Implement encryption (AES 256) and weekly backup of all non-critical data
Implement encryption (AES 256) and daily backup of all critical data repositories
Identify and document critical data repositories

Implement GDPR Privacy Controls

Implement GDPR compliance monitoring tool by {date}
Receive certification by {date}
Complete external audit by {date}
Fix all gaps by {date}
Complete initial gap analysis by {date}
Evaluate 3 different vendor partners and finalize a partner

Obtain SOC 2 Type 2 Certification

Collaborate with Sales team to ensure communication with customers and leads
Receive certification by {date}
Complete external audit by {date}
Conduct internal SOC 2 Type 2 audit by {date}
Ensure 100% proof of policies setup for SOC 2 are being updated and uploaded
Implement SOC 2 compliance monitoring tool (e.g. Laikaa) by {date}

Obtain SOC 2 Type 1 Certification

Receive certification by {date}
Complete external audit by {date}
Fix all gaps by {date}
Complete initial gap analysis by {date}
Evaluate 3 different vendor partners and finalize a partner