Sr. Staff Engineer DevSecOps

Posted 6 Days Ago
Be an Early Applicant
India
Senior level
Internet of Things • Semiconductor
The Role
The Sr. Staff Engineer DevSecOps is responsible for integrating security into the software development lifecycle through strategy implementation, risk assessment, and tool management. The role includes establishing security standards, automating security processes, maintaining incident response plans, and ensuring continuous learning within the team.
Summary Generated by Built In

Responsibilities:

DevSecOps Strategy:

  • Implement the Semtech DevSecOps strategy to integrate security seamlessly into the software development lifecycle.

  • Collaborate with cross-functional teams to establish and maintain secure coding standards, continuous integration, and continuous delivery pipelines.

DevSecOps Planning:

  • Establish clear project security goals and objectives, defining and prioritizing security requirements to align with organizational objectives.

  • Identify and assess potential security risks and threats, developing a comprehensive threat model for the application.

  • Set up a robust security governance structure within the project, implementing a security architecture plan and documenting all aspects of the planning process for future reference.

Security Automation:

  • Evaluate, implement, and manage security tools and technologies within the DevOps toolchain to automate security testing, vulnerability scanning, and compliance checks.

  • Ensure the tools are effectively utilized to identify and remediate security vulnerabilities early in the development process.

  • Drive the automation of security controls and processes to enhance efficiency and reduce manual intervention.

  • Implement automated security testing, code analysis, and deployment validation to maintain a high level of security without impeding development velocity.

  • Develop and maintain automated security processes for infrastructure as code (IaC) deployments.

Operations & Monitor:

  • Maintain an incident response plan specific to DevOps processes, ensuring rapid identification, containment, eradication, and recovery from security incidents.

  • Collaborate with incident response teams to integrate DevOps-related incidents into the overall organizational response plan.

  • Implement security monitoring and adhere to incident response procedures to detect and respond swiftly to security incidents.

  • Set up automated log and event monitoring, continuously updating and patching all components across production, pre-production, and development environments to minimize vulnerabilities.

  • Monitor all environments (Prod, Pre-Prod, Dev) for security events.

  • Review and update access controls, permissions, and security policies regularly, documenting all monitoring practices for reference and improvement.

  • Working closely with DevOps to update and patch all components in all environments to address known vulnerabilities and enhance overall security

Continuous Learning:

  • Stay current with industry trends, emerging threats, and security technologies.

  • Implement a culture of continuous learning within the team, encouraging certifications, training, and knowledge sharing.

Minimum Qualifications:

  • Bachelor's degree in computer science, information technology, or a related field (master's degree preferred).

  • Extensive experience in cloud architecture and strategy with a proven track record of successful cloud adoption.

  • Proven experience as a DevSecOps Engineer in AWS cloud environments.

  • Strong understanding of cloud security principles and best practices.

  • Hands-on experience with security tools such as AWS Security Hub, WAF, and third-party security solutions.

  • Proficiency in scripting and automation languages (e.g., Python, Shell, PowerShell).

  • Experience with CI/CD tools and practices such as GitHub actions, Chef, Anisble, Salt, Puppet,etc.

  • Knowledge of containerization and orchestration technologies (e.g., Docker, Kubernetes).

  • Certifications: AWS Certified Security – Specialty, Certified DevOps Engineer, or Certified Information Systems Security Professional (CISSP).

  • Strong analytical and problem-solving skills.

Top Skills

Powershell
Python
Shell
The Company
HQ: Camarillo, CA
1,475 Employees
On-site Workplace
Year Founded: 1960

What We Do

Semtech Corporation is a high-performance semiconductor, IoT systems and Cloud connectivity service provider dedicated to delivering high quality technology solutions that enable a smarter, more connected and sustainable planet.

Similar Jobs

Motorola Solutions Logo Motorola Solutions

Senior Software Engineer(Devops/Jenkins/Scripting/Git/Build Automation)

Artificial Intelligence • Hardware • Information Technology • Security • Software • Cybersecurity • Big Data Analytics
Hybrid
Bangalore, Bengaluru, Karnataka, IND
21000 Employees
Hybrid
Hyderabad, Telangana, IND
289097 Employees
Gurugram, Haryana, IND
15289 Employees

Signify Logo Signify

Development Engineer

Internet of Things • Appliances • Manufacturing
Bangalore, Bengaluru Urban, Karnataka, IND
11796 Employees

Similar Companies Hiring

Optimum Thumbnail
Software • Retail • Mobile • Marketing Tech • Internet of Things • Digital Media • AdTech
Long Island City, NY
9000 Employees
Arch Systems Inc. Thumbnail
Software • Manufacturing • Machine Learning • Internet of Things • Industrial • Artificial Intelligence • Analytics
US
80 Employees
Halter Thumbnail
Software • Machine Learning • Internet of Things • Hardware • Greentech • Business Intelligence • Agriculture
Auckland City, NZ
150 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account