Information Security Lead

Who are we?

Amdocs helps those who build the future to make it amazing. With our market-leading portfolio of software products and services, we unlock our customers’ innovative potential, empowering them to provide next-generation communication and media experiences for both the individual end user and enterprise customers. Our employees around the globe are here to accelerate service providers’ migration to the cloud, enable them to differentiate in the 5G era, and digitalize and automate their operations. Listed on the NASDAQ Global Select Market, Amdocs had revenue of $5.00 billion in fiscal 2024. For more information, visit www.amdocs.com

In one sentence

As Information Security Team Lead specializing in DevSecOps, you'll partner with Amdocs development teams to seamlessly integrate security tools into our CI/CD pipeline. 
You'll oversee the security tools environment while driving automation initiatives through scripting, test development, and monitoring dashboards.

The role requires staying ahead of emerging security code scan threats and collaborating with teams to implement robust protection measures. You'll guide R&D teams in adopting secure development practices and provide expert security consultation to diverse teams across product development, engineering, and services departments.

What will your job look like?

1. Manage a team of DevSecOps security analysts and implementation engineers
2. Implement DevSecOps tools in all product dev environments
3. Follow up with staff members to ensure completion of security-related tasks
4. Manage and maintain Security health check of the integrated automation.
5. Provide professional support for the developed automations, responding to incidents to avoid system outages or restore availability to meet SLAs.          
6. Analyze the implementation needs and provide effort estimation to the users
7. Stay abreast of industry best practices (Research new technologies) and contribute ideas for improvements in DevOps practices, delivering innovation through automation.
8. Tracks and reports on the test execution in a timely manner with attention given to achieving a high level of quality.
9. Liaise with development and infra teams to get the defect resolutions
10. Onboard new hires, train and share knowledge, take an active role in technical mentoring and elevating team knowledge.
11. Working with external vendors for support, manage the relevant vendor employees and make sure the support is performed as planned
12. Maintaining hardware and software deployment and POC planning 

All you need is...

Must-Have

• 3+ years of experience in leading a team (team of security analysts is preferrable)
• 5+ years of relevant experience in information Security DevSecOps
• Total experience  – 6-8 years
• Extensive expertise in Application security and security architecture area.
• Hands on experience in SAST Tools (e.g. Checkmarx), Container Scanning tools (Twistlock, Wiz)
• Expertise in Security code reviews and onboarding process for managing false positives
• 5+ years’ experience in FOSS security issues and security hardening (CIS benchmarks)
• 3+ years’ experience in setting up continuous integration and continuous delivery systems
• 2-3 years’ experience with continuous-integration tools such as Hudson/Jenkins, LiquiBase, Github actions
• Understanding of build process, best practices and tools such as Maven, Jenkins pipeline, groovy
• Knowledge of OWASP top 10 list of vulnerabilities, NIST SP-800-xx, NVD, CVSS scoring etc concepts
• Great Communication skills – (Ability to communicate with a Developer, a Manager or Director level).
• Project Management Skills
• 2-3 years’ basic understanding of Cloud Platforms
• BS in Computer Science, or equivalent
• Working in Agile/Scrum team

 
Nice to have:

• Familiarity with REST Services, Service Oriented Systems and Micro-services architecture
• Scripting skills in at least one of the following:  Python, Django web framework, Perl, Ruby, shell (bash, ksh, csh)
• Knowledge in distributed systems, software and network security preferred.
• Security concepts and knowledge of security attacks on Web applications, REST services, distributed systems
• Sound Knowledge of TCP/IP protocol Stack, HTTP protocol, encoding standards, encryption technologies and development frameworks.
• 2+years of experience on docker /k8S

Why you will love this job:

• You will have the opportunity to work with the industry most advanced technologies and experts in a global company
• You will have opportunities to evolve yourself in the future of all cutting-edge technologies and business trends.
• You will be working with a great team