For one of our clients in the utilities industry, we’re looking for a freelance Secure SDLC Consultant:
Project description: Currently there are no overall policies or guidelines to help application developers use the Azure DevOps environment in a secure and resilient way.
The objective of the project is to analyse the current DevOps lifecycle and define the target state. Documentation needs to be created to describe the software development governance and define policies.
Existing tools to support identifying software vulnerabilities in the development cycle are to be analysed and assessed.
Background to the assignment: The client has not defined a Secure Software Development Lifecycle due to a lack of software development know-how (nearly all development is done by externals). As a consequence, an external consultant with experience in software development governance is needed to deliver the advertised tasks.
Therefore, the external consultant has a unique position compared to the client's internal project staff and provides significantly different services than the internal staff.
Identify and document gaps in the existing Secure Software Development Lifecycle
Define a governance framework for a modern Secure Software Development Lifecycle (definition of policies, roles and responsibilities) based on DevSecOps principles and taking the previously identified gaps into consideration.
Identify gaps in central tooling for DevSecOps activities and document them in a gap analysis presentation.
Define and document selection criteria for additional tooling to fill the identified gaps. The selection criteria should be based on industry-wide security standards.
Create a Secure Development Lifecycle guideline based on the defined framework and provide it to the client for sign-off.
Solid experience in the introduction of a secure Software Development Lifecycle framework in an organization
Good overview of security tooling in the software development area
Fluency in English (spoken and written)
Experience with CI/CD pipeline tools (preferably Azure DevOps)
Effective communication and presentation skills
Microsoft Azure Know-How (nice to have)
ITIL certification (nice to have)
IT security certification in the development area (nice to have)