KPMG IT Service OOD is an IT service provider with a mission to digitalize the core business of the KPMG network member firms and their clients. We employ more than 400 people in Sofia and deliver the full spectrum of IT services to our clients, including SAP solutions, Software Engineering, Application & Platform Operations, Cloud and Infrastructure.
Our Cloud Services unit is focused on designing, building, securing and managing cloud native & hybrid platforms for the KPMG group of member firms, as well as providing cloud advisory and engineering services to external clients.
The DevSecOps Security Architect/Engineer role has a major function in supporting security projects and defining the required security guardrails. In addition, the role covers leading a team of DevSecOps/DevOps engineers to build solutions for security scanning, penetration testing and risk assessment (threat modelling).
Your responsibilities:
- Develop and update internal cyber security function processes for DevSecOps.
- Craft cyber security function requirements on the DevSecOps projects:
- Cybersecurity tools requirements and the integration to CI/CD pipelines to improve developer productivity, agility, and automation code quality
- Prepare and present design and implementation documentation to multiple stakeholders.
- Requirements for Application Security Orchestration & Correlation (ASOC)
- Requirements for integrating all Application security tools (DAST, SAST, SCA, IAST, MAST and Threat Modelling) and vulnerability scanning tools with CI/CD tools
- Implementing Security Guardrails
- Collaborate closely with development teams to understand their current build and release processes and make recommendations for improvement.
- Partner with cross-functional stakeholders, including development, operations, quality assurance and security, to streamline processes and troubleshoot complex production issues.
- Provide guidance to development teams to improve performance and operability of the solutions they develop.
- Continuously improve automation ideas to enable teams to secure code efficiently and consistently.
- Highlight automated testing requirements to reduce manual effort and improve product quality.
- Mentor and coach junior-level DevSecOps security team members.
What you bring in:
- Experience with agile development and strong understanding of DevOps principles.
- Experience with penetration testing and threat modelling
- Extensive knowledge about IT change management and DevSecOps methodology
- Experience with establishing an effective DevSecOps security environment.
- Experience in establishing and configuring Application Security Orchestration & Correlation (ASOC)
- Experience with DAST, SAST, SCA, IAST, MAST and Threat Modelling solutions
- Experience with CI/CD pipelines
- Strong communication and collaboration skills both in English and Bulgarian, with a demonstrated ability to work well as part of a team.
- Experience with securing Docker and Kubernetes
What we consider as an advantage:
- 3+ years of relevant DevSecOps experience
- 5+ years of relevant DevOps experience.
- EXIN DevSecOps Manager certificate
- Global Skill Development Council’s (GSDC) Certified DevSecOps Engineer certificate
- GIAC Cloud Security Automation (GCSA) certificate
- Certified DevSecOps Professional (CDP) certificate
What we offer:
- The chance to work in a top talent team
- Attractive remuneration
- Build knowledge in cutting-edge technologies
- Opportunity for continuous training, learning and certification
- Experience in an international and multicultural organization
- Work on challenging projects with clients in various industries around the globe
- Modern office environment
- Additional health insurance
- Life insurance
- Free public transport card
- Free sports facilities card
- Hybrid working policy