DevSecOps Lead in Bucuresti

You've picked a great time to join Avon. We're looking forward to the next chapter in our company's amazing story, and are looking for passionate people to join the team. If you'd like to become an Avon associate, this is your time!Role TypePermanentWhat you'll be doing:Working as a member of the Security Architecture team, the DevSecOps Lead will focus on the implementation, management and continuous improvement of security controls in Avon’s Software Development Life Cycle. The DevSecOps Lead will cooperate with Security Architecture and DevOps teams to implement defined security controls in the CI/CD pipeline. The DevSecOps Lead will advise development teams on how to design secure applications and cloud environments. As a person who understands deeply CI/CD pipeline technologies, the role will make decisions (based on security measures) about software deployment in production stage.Key responsibilities:Acting as a DevSecOps Lead you will:Implement, manage and continuously improve of security controls in Software Development Life CycleBe an Application security advisorMake decisions (based on security measures) about software deployment in production stagePerform required application security analyses (including: threat modeling, risk assessment, business impact etc.)Create and adjust automation for Pre-commit, Commit-time, Build-time, Test-time and Deploy-time checksClosely cooperate with the rest of architecting/project teamsWe'd love you to have:A bachelor's degree in Computer Science, Engineering, Information Security, or equivalent work experience5+ years of relevant professional experience (Agile development, Continuous Integration and development (CD/CD), Secure software development (SSDLC), Applications IT Security, Cloud Security)Proven hands-on experience with automation tools and scripting (Jenkins, Ansible, Terraform)Proven hands-on experience with SVN tools like Git, Bit Bucket, Github.Deep understanding about security concepts in EnterpriseKnowledge of industry regulations and requirements such as ISO27001, NIST, PCI-DSS, HIPAA and other industry standardsExperience in implementing and maintaining security controls and best practices for cloud components like VMs, microservices, serverless functionsKnowledge of application’s securityProgramming experience with scripting languages like Python, Bash, PowerShellExperience in development and operations of ELK (Elasticsearch, Logstash, and Kibana, Winlogbeat and Beats) stackExperience with AWS and/or Azure Cloud solutionsProven hands-on experience with container security tools like Twistlock, Aqua Security, Sysdig, SnykKnowledge of trouble ticketing systems/CRMStrong interpersonal and user service skillsProficient knowledge about enterprise processes based on ITILEnglish language skills (spoken and written)What we offer: Avon is proud to be an equal opportunities employer. Our priority is finding the best people for the job, regardless of sex, race, disability, sexual orientation, beliefs, religion, whether you're about to have a baby or are planning to have one. We're all about our people, and that's why we think we're one of the best companies to work for in the world!