Senior Officer, DevSecOps (40001147)

Job Purpose

The Senior Engineer, DevSecOps is responsible for providing communication, integration, automation, and fluid cooperation between all cross-functional teams to plan, develop, test, deploy, release, and maintain a solution; executing the design, implementation, automation, and enhancement of the Continuous Delivery/Continuous Integration pipelines that represent the DevSecOps ways of working, workflows, and git operations to deliver functionalities from proof of concepts to an on-demand release of value to the end user.

Key Accountabilities (1)

Main work:
- Continuous Delivery Through DevSecOps Factory:
+ Build, map and optimize the delivery of Continuous Delivery pipelines by addressing key elements such as: Process time, Lead time, Delay time, Percentage of completion and accuracy.
+ Continuous Exploration by analyzing and researching the development and implementation of new technologies/features; modification and improvement of existing architectures; define and prioritize activities in the platform backlog according to its needs.
+ Continuous Integration by building, integrating features, bugs fixing the new versions of services and platforms; automating end-to-end testing and validating application services on non-production environments.
+ Continuous Deployment of services and platforms from non-production all the way to production.
+ Release applications/services features fast, efficiently, and first to market on demand of business.
- DevSecOps Factory:
+ Build, implement, improve and measure DevSecOps factory: Tools Chain, Culture, Ways of Working, Mind Set
+ Build, automate, enhance, and integrate security governance: Application và platform continuous security monitoring; API security Testing; Penetration testing; Protocol Fuzzing; Threat Modeling.
- Report periodically to the Director of DevSecOps.

Key Accountabilities (2)

Optimization and compliance:
- Implement and enhance automated Test and Verification, with:
+ Verification of expected business value.
+ Defects found and fixed immediately (Roll forward)
- Increase visibility with automated generation of Information and Reporting, by providing:
+ Dynamic self-service of information
+ Customizable dashboards
+ Cross-reference across organizational boundaries
- Engage stakeholders early and consistently throughout the SDLC, leading to few defects and incorrect requirements.
- Build trust between software engineering and IT, enable organic process improvement and risk mitigation.
- Maximize business value by enabling technical staff to adapt to changing requirements or environmental factors.
- Ensure that team members fulfill their commitments on service quality and comply with the Bank's regulations and policies.

Key Accountabilities (3)

Key Relationships - Direct Manager

Director of DevSecOps

Key Relationships - Direct Reports

N/A

Key Relationships - Internal Stakeholders

Departments in IT and business

Key Relationships - External Stakeholders

Service Provider Partner, IT departments of key customer businesses

Success Profile - Qualification and Experiences

Qualifications
- Graduated from university majoring in Computer Science/Engineering, Software Engineering or Information Technology.
Work Experience
- At least 5 years of relevant experience in software development and minimum 2 years of experience in DevSecOps setup.
- Expert knowledge of DevSecOps factory pipeline components and DevSecOps Metrics.
- Expert knowledge and working experience with public and hybrid cloud environments.
- Hands-on experience on code, commit, code review, document, test, integrate, QA, monitor with frontend and backend languages and technologies.
- Expert knowledge and working experience with DevSecOps tools Chain and security governance.
- Expert knowledge and working experience with Infrastructure as Code and Configuration management.
Foreign language
- English, according to TCB's regulations in each period.