Platform Operations Lead | 人才服务办公室

职位描述

Platform Operations Lead (DevSecOps)

We are seeking a Lead Platform Operations Engineer with a strong DevSecOps experience, committed to delivering secure, scalable, and innovative solutions. In this critical role, you will enhance application security and champion secure development practices within my client's growing DevSecOps team.

You will be responsible for embedding security throughout the software development lifecycle and optimizing the security of existing infrastructure. This includes close collaboration with cross-functional teams to ensure adherence to top security standards while fostering a shift-left culture in DevOps.

Responsibilities of the Role:

• Integrate security measures into CI/CD pipelines to ensure comprehensive application security.
• Identify and manage false positives in automated security testing and establish effective vulnerability remediation processes.
• Implement secure coding practices to minimize security vulnerabilities.
• Advocate for and educate development teams on application security best practices and DevSecOps methodologies.
• Conduct regular security assessments, code reviews, and threat modeling for both existing and new features.
• Design and implement security solutions and automation tools to strengthen the overall DevOps security posture.
• Work collaboratively with product management to align security requirements with business priorities and timelines.
• Stay informed on the latest security trends, vulnerabilities, and technologies relevant to the DevSecOps landscape.

Required Skills for the Role:

• Extensive experience in Application Development with a strong emphasis on secure coding and DevSecOps principles.
• Proficiency in software development, particularly in Java and/or Node.js.
• In-depth knowledge of application security best practices, including secure coding techniques, vulnerability analysis, and security testing.
• Expertise in managing and addressing false positives within DevOps pipelines and security tools.
• Familiarity with CI/CD tools such as Jenkins, GitLab, Azure DevOps, or equivalent platforms.
• Knowledge of security frameworks and tools (e.g., OWASP, SAST, DAST, IAST, SCA).
• Practical experience with container security, cloud security, and microservices architecture.
• Strong communication and leadership skills to mentor and guide teams on security best practices.
• Relevant certifications are a plus.

"Sanderson-iKas" is the brand name for the following companies incorporated in Hong Kong: Sanderson Solutions International (Hong Kong) Limited (Business Registration no.53741924) and iKas International (Asia) Limited (Business Registration no.39818987)

Website: www.sanderson-ikas.hk