Key Responsibilities and Deliverables:

📍Implement DevSecOps Practices: Design, develop, and enhance the overall DevSecOps strategy, encompassing the integration of security controls, vulnerability scanning, and threat detection into the software development lifecycle (SDLC). 📍Security Automation: Develop and maintain automation scripts, tools, and frameworks to streamline security processes, such as code scanning, configuration management, and continuous security monitoring. 📍Secure Development: Collaborate with development teams to incorporate secure coding practices, conduct code reviews, and provide guidance on remediation of security vulnerabilities. 📍Security Testing and Compliance: Establish and maintain a robust testing framework, including penetration testing, vulnerability scanning, and security assessments, to identify and mitigate potential security risks. 📍Apply risk-based thinking enabling teams to make the right security decisions and priorities 📍Identify gaps in existing security architecture and design and recommend changes or enhancements 📍Incident Response and Monitoring: Participate in incident response activities, investigate security incidents, and contribute to improving incident response processes. Develop and maintain security monitoring systems to detect and respond to security threats proactively. 📍Continuous Improvement: Stay up-to-date with the latest security threats, vulnerabilities, and industry best practices. Continuously evaluate and enhance the security posture of our systems, infrastructure, and applications. 📍Collaboration and Training: Work closely with cross-functional teams, including developers, system administrators, and security professionals, to promote a culture of security awareness and knowledge sharing. Conduct training sessions to educate and empower team members on secure coding and deployment practices.

Your Profile:

📍Bachelor's or Master's degree in Computer Science, Information Security, or a related field. 📍Strong knowledge of DevOps principles, practices, and tools (e.g., CI/CD, version control, configuration management). 📍Deep understanding of software development methodologies, programming languages (e.g., Java, Python, C#), and related frameworks. 📍Expertise in security concepts, including authentication, authorization, encryption, vulnerability management, and secure network design. 📍Hands-on experience in Threat Modeling, SAST, DAST, and Web application security including OWASP 10 and SANS 25 📍Familiarity with industry-standard security tools and technologies (e.g., IDS/IPS, SIEM, WAF, vulnerability scanners). 📍Experience with cloud platforms (e.g., AWS, Azure, GCP) and their security services. 📍Proficiency in scripting and automation languages (e.g., Bash, PowerShell, Python). 📍Strong analytical and problem-solving skills, with the ability to identify and address security vulnerabilities and risks. 📍Excellent communication and collaboration skills, with the ability to work effectively in cross-functional teams. 📍Experience with web3 and blockchain technologies is a plus. 📍Relevant certifications (e.g., CISSP, CEH, AWS Certified Security Specialty) are a plus. 📍Able to effectively listen, speak, read and write in English and Chinese