DevSecOps Lead
A DevSecOps Lead is responsible for objectives including, but not limited to, the following: building and optimising the CI/CD flow, performing security audits of code bases and infrastructure, managing security alerts and incidents, coordinating remediation efforts across development and operations teams...
Obtain SOC 2 Type 1 Certification
Evaluate 3 different vendor partners and finalize a partner
Complete initial gap analysis by {date}
Fix all gaps by {date}
Complete external audit by {date}
Receive certification by {date}
Obtain SOC 2 Type 2 Certification
Implement a SOC 2 compliance monitoring tool (e.g. Laika) by {date}
Ensure 100% of the evidence for the policies set up for SOC 2 is kept updated and uploaded
Conduct internal SOC 2 Type 2 audit by {date}
Complete external audit by {date}
Receive certification by {date}
Collaborate with the Sales team to ensure communication with customers and leads
Implement GDPR Privacy Controls
Evaluate 3 different vendor partners and finalize a partner
Complete initial gap analysis by {date}
Fix all gaps by {date}
Complete external audit by {date}
Receive certification by {date}
Implement GDPR compliance monitoring tool by {date}
Implement robust data backup process
Identify and document critical data repositories
Implement encryption (AES-256) and daily backups of all critical data repositories
Implement encryption (AES-256) and weekly backups of all non-critical data
Deploy jobs to monitor and verify all data backups every {week/month/year}
Fix failed backup processes within a 24-hour turnaround time (TAT)
Implement BCP/DR
Evaluate and finalise BCP location
Launch the BCP policy and define the RTO
Perform a DR dry run at the BCP location against the defined RTO
Perform one DR run per quarter and document the RTO achieved and the outcomes
Ensure RTO time limits are met in 100% of DR dry runs
Obtain clean VAPT reports every 6 months
Implement a static code analysis (SAST) tool, e.g. SonarQube, by {date}
Ensure 80% scan coverage of all new commits after implementing the scanning tool
Evaluate 3 different vendor partners and finalize a partner for conducting the testing
Finalize the scope of the VAPT (application, APIs, integrations, etc.)
Complete VAPT by {date}
Ensure fixes for all High, Medium and Low vulnerabilities by {date}
Receive clean VAPT report by {date}
Ensure 99.9% system uptime
Implement a server monitoring tool, e.g. Pingdom, and ensure alerts are acted upon by the assigned person
Implement a mechanism to communicate planned maintenance downtime {48} hours in advance
Ensure 100% A/B testing for new commits
Do system load testing at 2x the maximum load
Configure a customer-visible status page for checking uptime status
Ensure 100% RCA and future-proofing actions for any downtime exceeding 5 minutes