Job Title: DevSecOps Specialist with SonarQube Expertise
Key Responsibilities:
1. SonarQube Integration and Management:
- Configure, maintain, and optimize SonarQube for continuous code quality and security analysis.
- Set up rules and quality gates to enforce secure and high-quality coding practices.
2. DevSecOps Pipeline Implementation:
- Integrate security tools, including SonarQube, into CI/CD pipelines (e.g., Jenkins, GitLab CI/CD, Azure DevOps).
- Automate security checks and ensure compliance with coding standards.
3. Application and Code Security:
- Perform vulnerability assessments using SAST tools and recommend fixes.
- Work with development teams to address issues identified by SonarQube and other tools.
4. Infrastructure and Cloud Security:
- Implement secure infrastructure practices and ensure compliance with security policies.
- Support container security for Kubernetes, Docker, and similar platforms.
5. Monitoring and Incident Response:
- Monitor systems and code repositories for vulnerabilities and performance issues.
- Assist in incident response related to application security.
6. Training and Documentation:
- Conduct training sessions for development teams on secure coding practices.
- Document best practices for using SonarQube and other tools.
Required Skills and Qualifications:
Education: Bachelor's degree in Computer Science, Information Security, or a related field.
Experience:
- 5+ years in DevSecOps or Application Security.
- Hands-on experience with SonarQube in large-scale environments.
- Familiarity with CI/CD tools such as Azure DevOps.
Technical Skills:
- Knowledge of secure coding standards (e.g., OWASP, NIST).
- Experience with container orchestration (Kubernetes, Docker) and IaC tools (Terraform, Ansible).