Assistant Vice President - Enterprise Computing

Job Description

A Position Overview

Position Title

DevSecOps Engineer /Architect

Department

IT

Level / Band

Sr. Manager / AVP

Role Summary: The role has overall responsibility of enablement of automation and security at each level for all business requirement of Life Insurance sales channels, Operations, HR , Finance and other functions to meet the business objective. He should prepare technical solution design specification to implement the automation and security integration for all business requirements and take the ownership to get that implemented. Perform competitive analysis for security vulnerability checks and identify best suitable tool that may help in faster automation in on-prem as well as cloud and dissolving vulnerability issue. The role needs the candidate to understand Insurance domain, mentor the team and collaborate with application and integration teams to enable security integration for identify vulnerability at code level, host level and patch level as well as identify any kind of ransomware, malware, Trojan horses in all the running environments. Role needs to support project managers, integration design, design reviews for proactive monitoring, fail safe, performant and secure the applications with project delivery objectives.

Support project engagement, product enhancements and new development by understanding business requirements, and performing competitive analysis for of the development of integrations.

• As a Sr. DevSecOps Engineer provide technical and consultative guidance to the application teams and setup CI/CD/CT jobs with enablement of security and automation on a range of complex engagements and deliver the vulnerability free solution.
• Good exposure to DevSecOps with terminology for SCA/SAST/DAST/IAST tools, Security compliance initiatives, governance, automation skills that helps in enabling the security standards at different levels of environments
• Leading the implementation of small, mid, and large engagements
• Execution of high complex internal/partner consulting services based on best practices
• Proposing problem solving activities and approaches for dynamic customer challenges within project/engagements
• Possess foundational working knowledge of IT industry best practices and Well-Architected frameworks having clear visibility of overview and projections scope.
• Improving the overall service business by identifying internal process improvements, training, and opportunities
• Expert guidance to team for setting up architectural runway with security integration to provide support for business teams/Partners and ensuring solution strategy is optimally aligned.

B Organizational Relationships

Reports to

VP - Information Technology

Supervises

Individual Contributor

C Job Dimensions

Geographic Area Covered

Pan India

Stakeholders Internal

All Departments

External

IT / DC Vendors

D Key Result Areas

Project / Delivery Management

Assist application teams on technical and automate functions on SCA/SAST/DAST and IAST.

Identify the security vulnerabilities and help app team to get it fixed to accelerate solution delivery

Identify areas of automation and security enablement as per current standards and technology innovations are in place

Identify the Solution for Infra as Code, Security as Code, Configuration as Code, Policy as Code and availability of environment as per business requirement, if business requirement changes the suggested model should support changes as well.

Act as interface between Application & delivery team on security standards meets without interfering the application functionality and performance.

Solution architecture

Contributes to the development of solution architectures in specific business, automation, testing, or security areas.

Focuses on application security, vulnerability checks, high availability, scalability and fault tolerance for faster delivery and monkey chaos mechanism.

Produces specifications of cloud-based or on-premises components, tiers, and interfaces, for translation into detailed designs using selected services and products for automation process.

Supports a change program or project through the preparation of technical plans and application of design principles that comply with enterprise and solution architecture standards including security.

Systems design

Be a key member of an Agile team, collaboratively realizing features through the software development lifecycle

Guide and participate in design, development, unit testing, and deployment of life insurance products and services including enhancements and/or resolution of any issues that may be reported

Investigate and resolve complex customer issues

Work independently with a minimal level of guidance from technical leadership

Mentor other devsecops engineers, including design collaboration and code reviews

Research, validate, and recommend technology decisions for new features

Develops automation scripts and App engines to automate the governance of application management, security workflows

Updates and creates Azure cloud-native rulesets around security governance and industry best-practices.

Systems integration and build

Provides technical expertise to enable the configuration of software, other system components and equipment for systems testing.

Collaborates with technical teams to develop and agree system integration plans and report on progress.

Collaborates with technical teams to get resolved the security vulnerability issues, automation issues and report on progress.

Defines complex/new integration builds.

Ensures that development and integration test environments are correctly configured, and reports are generated correctly for SAST & DAST.

Designs the automation for unit test coverages report of the integration builds.

Identifies and documents system integration components for recording in the configuration management system.

Recommends and implements improvements to processes and tools for devsecops.

Risk Management and Mitigation

Analyse Process and systems to mitigate risk and provide solutions for non-stated functional requirements

Ensure all IT design and architecture risks are managed

Managing the Team

Review provided to technical, integration, database artifact, deployment, source code automation and security point of view if required

Mentor to the application development team on appropriate use of architecture, NodeJS/ Angular/ Java / J2EE and SOA design patterns

Mentoring the team on technical and business-related areas in any aspect of the application development, enhancement, or redesigning.

Help in coordination between different verticals of IT / DC Team

Being a Leader create path / process and get it implemented correctly, over a specific maturity level process needs to be handover to execution teams.

Misc

Ensure compliance to AIA and TALIC rules and standards

Constantly align with the IT team, Vendor team and business stakeholder

E Skills Required

Technical

Relevant experience into Linux administration and good knowledge of commands and performance improvement for Linux machines.

Relevant experience in getting implemented the DevSecOps as a culture across the organization; understand the DevSecOps, SCA/SAST/DAST tools, Security compliance initiatives, governance, automation skills.

Relevant Experience in Implementing infrastructure as code using hasicorp Terraform.

Relevant experience in Jenkins, Docker, Kubernetes, Helm, ServiceMesh, APIGateway, Vault.

Relevant experience working with On-prem and Azure public cloud or any other cloud (AWS/GCP) for implementing SAST/DAST/IAST using Snyk, StackHawk.

Relevant Experience in managing Azure Repo s as Code Repository management, user management and overall administration of Azure Devops Server.

Relevant Experience in Database Management and Query execution using Jenkins Flyway or Liquibase plugins.

Fundamental experience with Azure cognitive services (ML, AI, etc), Azure DevOps and Azure Data & Databases

Ability to effectively manage complex relationships

A communication style which positively impacts

Flexibility & resilience

Ability and willingness to challenge constructively and effectively

Good communication skills

University bachelor s degree or preferably with an Engineering degree in Computers or IT.

Technology Technical Skill:

Behavioral

Essential

Desired

Interpersonal skills

Communication skills

Creative thinking skills

Supervising/Leadership skills

Teamwork Skills

Influencing skills

Relationship Building skills

Decision making skills

F Incumbent Characteristics

Essential

Desired

Qualification

B.E /B.Tech / MCA

Docker Certified Administrator

Certified Kubernetes Administrator

Any Certification is a plus.

Experience

8 - 12 years of DevSecOps, Azure Cloud, Code Security, application monitoring and Realtime deployment architecture experience

DevSecOps using SAST/DAST and IAST using Snyk, StackHawk, Veracode, Checkmarx.

DevSecOps using Infra as Code, Configuration as Code, Security as Code, Policy as Code.

DevOps tools implementation for CI/CD/CT.

Good interpersonal and communication skills with ability to build productive relationships across the participants in the ecosystem

Knowledge of IBM WebSphere Application Server, Portal Server and Liberty Server, File Net, JMS will be plus.