Project Overview:

We need a DevSecOps specialist to embed security tools and practices directly into our CI/CD pipeline. The project's goal is to identify and address security vulnerabilities early in the development lifecycle, shifting our security approach from reactive to proactive.

Business Problem:

Security is currently handled late in our release cycle, leading to costly and time-consuming fixes. We need to prevent vulnerabilities from reaching production and make security an integral part of our development process.

Business Path After Completion:

Our software delivery will be more secure by design. The development team will receive instant feedback on security vulnerabilities, reducing the time and effort spent on remediation. This will lead to a more secure product and increased customer trust.

Freelancer Responsibilities:

• Analyze the existing CI/CD pipeline for security weak points.
• Integrate automated security scanners (SAST, DAST, SCA) into the pipeline.
• Implement a secrets management solution (e.g., HashiCorp Vault) to secure credentials.
• Configure automated vulnerability scanning for containers and dependencies.
• Create documentation on the new security measures and best practices.

Required Expertise:

• Proven experience with DevSecOps principles.
• Familiarity with security scanning tools (e.g., SonarQube, OWASP ZAP).
• Experience with secrets management (Vault, AWS Secrets Manager).
• Strong knowledge of CI/CD tools (e.g., Jenkins).

Employer Expectations:

• A detailed plan outlining the security integration strategy.
• A final report on the security improvements.
• Communication via a project management tool like Jira.

Who We're Looking For:

A security-minded DevOps expert who understands the full software development lifecycle. You should have a proactive mindset and be passionate about preventing security issues before they happen. Your expertise in integrating and automating security tools will be key to the success of this project.

Deliverables:

• A CI/CD pipeline with integrated security tools.
• A secrets management solution configured for our needs.
• A security best practices guide for the team.