Skysoft Inc. is seeking a DevSecOps Consultant to manage the complete DevSecOps pipeline from development to deployment. The role involves integrating security practices across CI/CD and ensuring compliance throughout the application lifecycle.
Responsibilities:
- Managing the complete DevSecOps pipeline from development to deployment
- Integrating security practices across CI/CD
- Ensuring automation, traceability, and compliance throughout the lifecycle
- Expertise in version control systems (e.g., Git, Azure Repos, GitHub)
- Branching strategies, merge processes, and release management
- Designing and maintaining CI/CD pipelines using tools like Azure DevOps, Jenkins, GitHub Actions, etc.
- Implementing automated build, deployment, and security scan stages
- Troubleshooting pipeline failures and ensuring high reliability
- Performing code reviews to ensure coding standards and design best practices
- Integrating tools like SonarQube, Checkmarx, or Fortify
- Enforcing organizational governance and compliance policies
- Running SAST, SCA, DAST, and container security scans
- Prioritizing and remediating vulnerabilities with dev teams
- Ensuring alignment with security frameworks and regulatory requirements
Requirements:
- 10+ years of experience
- Strong hands-on expertise across the DevSecOps application lifecycle