Senior Officer, Devsecops (40001147)

Senior Officer, DevSecOps

The Senior Engineer, DevSecOps is responsible for providing communication, integration, automation, and fluid cooperation between all cross-functional teams to plan, develop, test, deploy, release, and maintain a solution; executing the design, implementation, automation, and enhancement of the Continuous Delivery/Continuous Integration pipelines that represent the DevSecOps ways of working, workflows, and git operations to deliver functionalities from proof of concepts to an on-demand release of value to the end user.

Main work:

• Continuous Delivery Through DevSecOps Factory:
• Build, map and optimize the delivery of Continuous Delivery pipelines by addressing key elements such as: Process time, Lead time, Delay time, Percentage of completion and accuracy.
• Continuous Exploration by analyzing and researching the development and implementation of new technologies/features; modification and improvement of existing architectures; define and prioritize activities in the platform backlog according to its needs.
• Continuous Integration by building, integrating features, bugs fixing the new versions of services and platforms; automating end-to-end testing and validating application services on non-production environments.
• Continuous Deployment of services and platforms from non-production all the way to production.
• Release applications/services features fast, efficiently, and first to market on demand of business.

DevSecOps Factory:

• Build, implement, improve and measure DevSecOps factory: Tools Chain, Culture, Ways of Working, Mind Set
• Build, automate, enhance, and integrate security governance: Application và platform continuous security monitoring; API security Testing; Penetration testing; Protocol Fuzzing; Threat Modeling.
• Report periodically to the Director of DevSecOps.

Optimization and compliance:

• Implement and enhance automated Test and Verification, with:
• Verification of expected business value.
• Defects found and fixed immediately (Roll forward)
• Increase visibility with automated generation of Information and Reporting, by providing:
• Dynamic self-service of information
• Customizable dashboards
• Cross-reference across organizational boundaries
• Engage stakeholders early and consistently throughout the SDLC, leading to few defects and incorrect requirements.
• Build trust between software engineering and IT, enable organic process improvement and risk mitigation.
• Maximize business value by enabling technical staff to adapt to changing requirements or environmental factors.
• Ensure that team members fulfill their commitments on service quality and comply with the Bank's regulations and policies.

Success Profile - Qualification and Experiences:

Qualifications - Graduated from university majoring in Computer Science/Engineering, Software Engineering or Information Technology. Work Experience - At least 5 years of relevant experience in software development and minimum 2 years of experience in DevSecOps setup. Expert knowledge of DevSecOps factory pipeline components and DevSecOps Metrics. Expert knowledge and working experience with public and hybrid cloud environments. Hands-on experience on code, commit, code review, document, test, integrate, QA, monitor with frontend and backend languages and technologies. Expert knowledge and working experience with DevSecOps tools Chain and security governance. Expert knowledge and working experience with Infrastructure as Code and Configuration management. Foreign language - English, according to TCB's regulations in each period.