Information Security Lead

As Information Security Team Lead specializing in DevSecOps, youll partner with Amdocs development teams to seamlessly integrate security tools into our CI/CD pipeline.
Youll oversee the security tools environment while driving automation initiatives through scripting, test development, and monitoring dashboards.

The role requires staying ahead of emerging security code scan threats and collaborating with teams to implement robust protection measures. Youll guide R&D teams in adopting secure development practices and provide expert security consultation to diverse teams across product development, engineering, and services departments.

1. Manage a team of DevSecOps security analysts and implementation engineers
2. Implement DevSecOps tools in all product dev environments
3. Follow up with staff members to ensure completion of security-related tasks
4. Manage and maintain Security health check of the integrated automation.
5. Provide professional support for the developed automations, responding to incidents to avoid system outages or restore availability to meet SLAs.
6. Analyze the implementation needs and provide effort estimation to the users
7. Stay abreast of industry best practices (Research new technologies) and contribute ideas for improvements in DevOps practices, delivering innovation through automation.
8. Tracks and reports on the test execution in a timely manner with attention given to achieving a high level of quality.
9. Liaise with development and infra teams to get the defect resolutions
10. Onboard new hires, train and share knowledge, take an active role in technical mentoring and elevating team knowledge.
11. Working with external vendors for support, manage the relevant vendor employees and make sure the support is performed as planned
12. Maintaining hardware and software deployment and POC planning

Must-Have

• 3+ years of experience in leading a team (team of security analysts is preferrable)
• 5+ years of relevant experience in information Security DevSecOps
• Total experience - 6-8 years
• Extensive expertise in Application security and security architecture area.
• Hands on experience in SAST Tools (e.g. Checkmarx), Container Scanning tools (Twistlock, Wiz)
• Expertise in Security code reviews and onboarding process for managing false positives
• 5+ years experience in FOSS security issues and security hardening (CIS benchmarks)
• 3+ years experience in setting up continuous integration and continuous delivery systems
• 2-3 years experience with continuous-integration tools such as Hudson/Jenkins, LiquiBase, Github actions
• Understanding of build process, best practices and tools such as Maven, Jenkins pipeline, groovy
• Knowledge of OWASP top 10 list of vulnerabilities, NIST SP-800-xx, NVD, CVSS scoring etc concepts
• Great Communication skills - (Ability to communicate with a Developer, a Manager or Director level).
• Project Management Skills
• 2-3 years basic understanding of Cloud Platforms
• BS in Computer Science, or equivalent
• Working in Agile/Scrum team

Nice to have:

• Familiarity with REST Services, Service Oriented Systems and Micro-services architecture
• Scripting skills in at least one of the following: Python, Django web framework, Perl, Ruby, shell (bash, ksh, csh)
• Knowledge in distributed systems, software and network security preferred.
• Security concepts and knowledge of security attacks on Web applications, REST services, distributed systems
• Sound Knowledge of TCP/IP protocol Stack, HTTP protocol, encoding standards, encryption technologies and development frameworks.
• 2+years of experience on docker /k8s

• You will have the influence on many of the security teams in Amdocs and therefor the whole company
• You will bring the innovation into security teams in Amdocs
• You will have the independence to design the role as you think and like