Full width home advertisement

Post Page Advertisement [Top]

I’ve been a security engineer for about 2 yrs now and I want to start picking up a specialization to better prep my future. This I thought of DevSecOps because of my knowledge of python, bash, and IaC (terraform and bicep). Along with some CICDs, Jenkins and Azure DevOps. But the part that is giving me second thoughts is the knowledge of some software development you need to properly secure what you are securing in the pipeline. So my question is how much software development does someone need to know to be a DevSecOps engineer? Or is it that you need to know the concepts of the languages, process, and how they are applied to software development in DevOps? I guess I also am not sure what to ask because I don’t know a lot about the field so people, please slurge and over share lol it’ll all be helpful!

Here are some of the top things I’ve done to better gauge my experience across 2yrs:

Developed and configured a log aggregation tool that I used to create parsing and filter logs to our long term storage to save about 100k/yr.

Developed custom tools to detect misconfigured firewall policy’s and discrepancies.

Created standard logging requirements that saved the company around 100k/yr (misconfigurations and storage locations)

Implemented SSO to a variety of security and other teams tools.

Created standard query and table formats to effectively reuse queries. (Mimicking Log Analytics/Sentinel tables to ADX using log aggregation tool I developed to parse/filter)

Designed and developed a tool to detect and alert if IaC scanning is implemented across all ADO pipelines.

Redesigned and implemented our entire azure virtual desktop infrastructure.

Designed and implement our entire AWS security. (There was no security on AWS so I implemented it all when I first started - no alerting or logging etc)

Deployed IaC infrastructure for different security tools. Standardized and documented security standards around kubernetes (which we have a large amount of since its where our customer infrastructure is hosted)

Performed security audits for teams onboarding new tools (security arch questionnaires) submitted by /u/Foolz_RUs
[link] [comments]


http://dlvr.it/T3C8FJ

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
'; (function() { var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); })();

Bottom Ad [Post Page]

Copyright 2017, " Vpentest ". All rights Reserved.
| Designed by Colorlib