[Job-19070] Architect (Security & DevSecOps Support), Colombia

In the role of an Architect in Security & DevSecOps Support at CI&T, your main responsibilities include designing secure CI/CD pipelines, collaborating with cross-functional teams to optimize DevSecOps practices, and participating in security assessments of CI/CD processes. You'll also assist in the development of security frameworks and guidelines while helping to identify vulnerabilities and recommend strategies for mitigation.

To qualify for the Architect in Security & DevSecOps Support position at CI&T, candidates should have a solid understanding of software development methods, familiarity with CI/CD tools like Jenkins or GitLab, and knowledge of security principles including application and cloud security. Proficiency in scripting languages like Python or Bash, alongside familiarity with containerization technologies such as Docker, is highly valued.

Architects in Security & DevSecOps Support at CI&T frequently use CI/CD tools such as Jenkins, CircleCI, and GitLab CI. They also often work with security tools for vulnerability scanning and conduct assessments as part of their responsibilities to ensure security is embedded within development processes.

CI&T is committed to continuous learning for all its employees, including Architects in Security & DevSecOps Support. Through initiatives such as CI&T University, team members are provided with opportunities to evolve their skills, stay informed about emerging technologies in security and DevSecOps, and keep their knowledge current in this ever-evolving field.

An Architect in Security & DevSecOps Support at CI&T might conduct various security assessments including audits of CI/CD tools and processes, vulnerability assessments of applications, and compliance checks within the development pipeline to ensure all security practices are being adhered to.

A CI/CD pipeline is a set of automated processes that allow developers to integrate changes into the codebase and deploy those changes quickly and reliably. Its significance lies in its ability to accelerate development cycles while ensuring that code remains tested and secure throughout the process.

Integrating security into the CI/CD pipeline involves implementing security best practices at every stage of the development lifecycle. This includes automated security testing, code analysis during the build phase, and compliance checks before deployment. It's crucial to foster a culture of security awareness among development teams.

I have hands-on experience with containerization platforms like Docker, along with orchestrators such as Kubernetes. This experience includes deploying secure applications in containers, managing deployments, and scaling applications effectively while maintaining a focus on security.

I have worked with various security tools, including vulnerability scanners to identify weaknesses in applications, static and dynamic code analysis tools to enforce coding standards, and automation scripts for running security assessments as part of the CI/CD pipeline.

Ensuring compliance with security frameworks involves understanding the requirements of frameworks like GDPR or HIPAA and implementing controls and practices that satisfy those requirements. Regular audits, risk assessments, and team training are also crucial to maintain compliance.

In a previous project, I discovered a significant vulnerability in a web application during a security assessment. I collaborated with the development team to create a patch, documented the process, and established a set of best practices to prevent similar issues in the future.

I stay updated with the latest cybersecurity trends by following industry-leading blogs, participating in webinars, engaging in online communities, and pursuing continual education through certifications and workshops to deepen my knowledge and skills.

Collaboration is key in DevSecOps as it fosters a shared responsibility for security across development, operations, and security teams. When teams work together effectively, they can build security into the development process, streamline communication, and enhance overall project outcomes.

In my previous role, I automated security testing in CI/CD pipelines by integrating security scanning tools into our build process. This allowed us to catch vulnerabilities early, triggered alerts on failures, and provided developers with immediate feedback to address issues quickly.

One of the most significant challenges in DevSecOps is balancing speed and security. As organizations strive for quicker releases, integrating security without slowing down the development process requires strategic planning, stakeholder buy-in, and effective tooling to achieve optimal workflows.