View all jobs
Snyk Consultant (m/f/d) - February 2024
Düsseldorf, North-Rhein-WestfalenFor one of our clients in the energy sector, we are looking for a Snyk Consultant (m/f/d)
1. Project name: DevSecOps
2. Project description:
The Hosting and Cloud Technologies (HaCT) development support team manages a Secure Development Platform. It enables application development teams to manage their development lifecycle in the client's Cloud Development Platform based on Azure DevOps, GitHub, SonarCloud and Snyk. Future enhancements of the customer's Cloud Development platform are planned, implemented, and tested.
3. Background to the assignment:
As part of the DevSecOps project the client will introduce a new security tooling for application development teams. The planned tool is Snyk. The customer lacks profound expertise with the tool and is looking for an experienced external consultant that is an expert in application development security and the Snyk toolset. Therefore, the external consultant has a unique position compared to the client's internal project staff and provides significantly different services than the internal staff.
4. Detailed description of the agile method/services:
The project is executed as an agile project following the scrum method. The services, among others, will be provided within the framework of an agile development method: The concrete activities required to implement the below-mentioned services commissioned to the Contractor will be iteratively coordinated between the parties in sprint meetings and implemented by the Contractor within the sprints following the sprint meetings. Prior to each Sprint Meeting, the Contractor shall independently check on the basis of its professional assessment which individual services it considers appropriate and feasible within the scope of its assignment in the respective sprint.
The sprints each have a duration of 4 weeks so that the sprint meetings take place daily as needed (scrum meetings) and monthly (review and planning).
5. Task description - The scope of services includes the following tasks, which are performed independently:
Duration: 8 months +
Location: Remote
Workload: Full-Time
1. Project name: DevSecOps
2. Project description:
The Hosting and Cloud Technologies (HaCT) development support team manages a Secure Development Platform. It enables application development teams to manage their development lifecycle in the client's Cloud Development Platform based on Azure DevOps, GitHub, SonarCloud and Snyk. Future enhancements of the customer's Cloud Development platform are planned, implemented, and tested.
3. Background to the assignment:
As part of the DevSecOps project the client will introduce a new security tooling for application development teams. The planned tool is Snyk. The customer lacks profound expertise with the tool and is looking for an experienced external consultant that is an expert in application development security and the Snyk toolset. Therefore, the external consultant has a unique position compared to the client's internal project staff and provides significantly different services than the internal staff.
4. Detailed description of the agile method/services:
The project is executed as an agile project following the scrum method. The services, among others, will be provided within the framework of an agile development method: The concrete activities required to implement the below-mentioned services commissioned to the Contractor will be iteratively coordinated between the parties in sprint meetings and implemented by the Contractor within the sprints following the sprint meetings. Prior to each Sprint Meeting, the Contractor shall independently check on the basis of its professional assessment which individual services it considers appropriate and feasible within the scope of its assignment in the respective sprint.
The sprints each have a duration of 4 weeks so that the sprint meetings take place daily as needed (scrum meetings) and monthly (review and planning).
5. Task description - The scope of services includes the following tasks, which are performed independently:
-
- Professionally consult the application teams regarding the ramp-up of the Snyk platform in conjunction with Azure DevOps and GitHub Enterprise based on own knowledge and experience.
- Define and implement client's roles in Snyk according to client standard roles. Requirements will be defined in the product backlog items by the customer. The role implementation will be signed off by the client
- Set up a central reporting in Snyk to provide a company-wide view on application development health.
- Develop client's specific security profiles in Veracode that serve as standard for client's development projects.
- Create Sharepoint articles for end users on how to use the Veracode platform and present this Sharepoint documentation to the customer for a sign off.
- Independently provide professional consultation services via online calls and email to the application development teams regarding pipeline configuration, team setup, permission setup and source code setup in Azure DevOps and GitHub to use Veracode. Application development teams are the consumers of Hosting and Cloud Technologies (HaCT) development support team services.
Project summary / background - DevSecOps:
- already ongoing project
- Development of new security processes for the application development team
- Veracode platform: not yet fully integrated
- Improve security
- Develop and improve the client’s Cloud Development Platform
- Insure development activities
- Find out new ones Development guidelines
- Research into the vulnerabilities of the platformAdditional information
- a total of around 200 developers
- Workshops with around 12 people
-
- Advising the teams on topics like Azure DevOps and GitHub for Snyk
- Holding workshops for the development teams via Teams
- Consultations with the development team
- Creating posts and documentation in Sharepoint about the use of Snyk
- Answering the questions of the Development teams
- Finding ideas for the development team in solving security vulnerabilities
Requirements:
Start: February 2024-
- Experience with Snyk Platform
- Experience in DevOps and Github
- English - must; German - nice to have
- Security focused
- Experience with Sharepoint
- Experience in documenting technical knowledge
Duration: 8 months +
Location: Remote
Workload: Full-Time