Early Practitioner – Fundamentals of DevSecOps

Job Overview

This short-term, remote contract engagement involves completing a practitioner-level skills assessment and a brief post-assessment survey for validation and standard-setting purposes. The role requires applied, real-world experience in Fundamentals of DevSecOps and takes approximately 1–2 hours to complete within a 5-business-day access window.

Responsibilities

• Complete a practitioner-level skills assessment on DevSecOps fundamentals.
• Complete a short post-assessment survey providing feedback on the experience.

Qualifications

• Current practitioner with hands-on experience in DevSecOps fundamentals.
• Ability to explain core components and methodologies of DevSecOps.
• Knowledge of the DevSecOps manifesto and appropriate use cases.
• Understanding of differences between DevOps and DevSecOps, including roles and responsibilities.
• Familiarity with DevSecOps maturity model milestones.
• Experience with DevSecOps requirements across OWASP SDLC phases (Plan, Code, Build, Test, Release, Operate).
• Applied knowledge of Security Governance, compliance as code, Threat Modeling, and STRIDE methodology.
• Skills in performing automated vulnerability scans using tools like OWASP ZAP, nikto, and trivy.
• Experience integrating automated security testing into CI/CD pipelines.
• Knowledge of static and dynamic code analysis, git hooks, linters, dependency checking, and preventing secrets in source control.
• Ability to optimize logging, monitoring, alerting, and define response strategies for security incidents.
• Understanding of Security Metrics for continuous improvement.