Position Summary:
科技与理想, 东亚为您创建!
加入我们, 开启您的卓越科技之旅!
This position is based in Guangzhou Branch Office, under the employment of East Asia Digital Information Services (Guangdong) Limited (EADIS).
East Asia Digital Information Services (Guangdong) Limited, established in 2002, provides back-office support on Technology and Operations services to cater for the growth needs of the Bank’s Hong Kong, Chinese Mainland and overseas operations.
We are seeking a highly skilled and motivated DevSecOps Engineer to join our team. The ideal candidate will have a strong background in software development, DevOps practices, and security, with a deep understanding of tools such as Jenkins, BDD (Behavior-Driven Development), and ELK (Elasticsearch, Logstash, Kibana) stack. This role will be responsible for integrating security into the software development lifecycle, ensuring the secure and efficient delivery of our products and services.
Key Responsibilities:
1.DevSecOps Integration: Develop and implement DevSecOps practices and tools to ensure security is integrated into every stage of the software development lifecycle, from design to deployment. Continuous Integration/Continuous Delivery (CI/CD):
2.Utilize Jenkins and other CI/CD tools to automate build, test, and deployment
processes, ensuring rapid and secure delivery of software. Behavior-Driven
Development (BDD):
3.Collaborate with cross-functional teams to define acceptance criteria and automate tests using BDD frameworks, ensuring software meets business requirements and security standards. Security Audits and Reporting:
4.Conduct regular security audits and reviews of code, systems, and processes, preparing detailed reports and recommendations for improvement. ELK Stack Management: Manage and optimize the ELK stack for log management, monitoring, and security analytics, enabling proactive detection and response to security incidents. Automation: Develop and maintain automation scripts and tools to streamline security testing, vulnerability scanning, and incident response processes.
5.Collaboration and Communication: Collaborate closely with development, QA, and security teams to ensure seamless integration of security practices into the software development process. Communicate complex technical information to non-technical stakeholders.
6.System Architecture and Optimization: Participate in the design and optimization of system architecture, ensuring scalability, security, and performance. Documentation: Prepare and maintain technical documentation, including security policies, procedures, and system architecture diagrams.
7.Continuous Learning and Improvement: Stay up-to-date with the latest trends, tools, and best practices in DevSecOps, security, and software development.
Requirements:
1.Bachelor's or Master's degree in Computer Science, Information Technology, or a related field. 5+ years of experience in software development,
2.DevOps, and security, with a strong understanding of DevSecOps principles and practices. Proficient in Jenkins, BDD frameworks (e.g., Cucumber, SpecFlow), and ELK stack.
3. Experience with containerization technologies (e.g., Docker, Kubernetes) and cloud platforms (e.g., AWS, Azure, GCP).
4.Strong understanding of software development lifecycles, including Agile and DevOps methodologies. Familiarity with security concepts, tools, and best practices, including vulnerability scanning, penetration testing, and incident response.
5.Excellent problem-solving, communication, and collaboration skills. Ability to work independently and in a fast-paced, dynamic environment.
6.Strong sense of ownership, responsibility, and attention to detail. Nice-to-Have: Experience with additional CI/CD tools (e.g., Travis CI, CircleCI).
7.Knowledge of programming languages commonly used in DevOps (e.g., Bash, Python, Ruby).
8.Familiarity with DevOps culture and principles, including continuous improvement and automation.