Expert, DevSecOps (40001146)

Job Purpose

- The job holder responsible for ensuring DevOps becomes a mindset, a culture, and a set of technical practices.
- The job holder will provide communication, integration, automation, and close cooperation among all the people needed to plan, develop, test, deploy, release, and maintain a Solution.
- The job holder will technically lead DevOps team to design and enhance the Continuous Delivery Pipeline (CDP) that represents the workflows, activities, and automation needed to shepherd a new piece of functionality from ideation to an on-demand release of value to the end user

Key Accountabilities (1)

Continuous Delivery through DevSecOps Factory
- Build, map and optimize delivery of the Continuous Delivery Pipeline (CDP) by addressing key elements like: process time, lead time, delay time and percent of complete and accurate.
- Continuous Exploration (CE) – understand the market problem / customer need by analyzing and researching to identify the solution required to meet that need, from which suggest development of new features or modification from existing architectures, define and prioritize activities in the Program Backlog.
- Continuous Integration (CI) – take features from the Program Backlog and implement them to deliver a completed work which is committed to version control, built and integrated into a full system or solution, and tested end-to-end before being validated in a staging environment.
- Continuous Deployment (CD) - take the changes from the staging environment and deploy them to production.
- Release on Demand (RoD) - make value available to customers all at once, or in a staggered fashion based market and business needs.

Key Accountabilities (2)

DevSecOps Factory
- Build, automate, enhance and measure DevSecOps factory.
- Build, automate, enhance and integrate threat modeling.
- Build, automate, enhance and integrate application security.
- Build, automate, enahnce and integrate penetration testing.
- Build, automate, enhance and integrate continious security monitoring.

Key Accountabilities (3)

DevSecOps Targets
- Consistently develop software systems with higher quality and accuracy of project budgeting and estimation.
- Increase visibility and stakeholder input into features for the next release as it is being developed.
- Engage stakeholders early and consistently throughout the SDLC, leading to few defects and incorrect requirements.
- Build trust between software development and IT, enable organic process improvement and risk mitigation.
- Maximize business value by enabling technical staff to adapt to changing requirements or environmental factors.

Key Relationships - Direct Manager

Manager/ Senior Manager/ Director, DevSecOps

Key Relationships - Direct Reports

Key Relationships - Internal Stakeholders

Key Relationships - External Stakeholders

Application/solution provider partners, IT departments of key customer businesses

Success Profile - Qualification and Experiences

Qualifications
- Bachelor's or Master’s degree in computer science, software engineering or information technology
Work Experience
- At least 7 years of relevant experience in software development and minimum 2 years of experience in DevSecOps setup.
- Knowledge of DevSecOps factory pipeline components and DevSecOps Metrics.
- Experience working with cloud environments is a must.
- Hands-on experience on code, commit, code review, document, test, integrate, qa, monitor with front end and back end languages and technologies.
- Experience working with DevSecOps tools is a must (RE protection, SSL pinning, payload encryption, Code quality, source code analysis, SAST/DAST tools).
Foreign language
- English/ according to TCB's regulations in each period