DevSecOps Security Architect

Description

Job Summary: Credicorp Capital is seeking a DevSecOps Security Architect to design, evaluate, and implement secure technological architectures by integrating security controls into DevSecOps environments. Key Highlights: 1. Design and implement secure architectures in DevSecOps environments. 2. Promote the adoption of security-by-design practices. 3. Act as a liaison between business, technology, and security teams. **Credicorp Capital** invites you to Turn Challenges into Opportunities and become our next **DevSecOps Security Architect** on the **Technology** team in **Lima, Peru**. ***Mission:*** * Design, evaluate, and support the implementation of secure technological architectures, with emphasis on integrating security controls into DevSecOps environments, ensuring that IT solutions comply with corporate information security standards, the ISMS, and applicable regulatory frameworks (including DORA), aligned with the organization's risk appetite. * Serve as a liaison among business, technology, development teams, and security teams, promoting the adoption of security-by-design practices and security throughout the software development lifecycle (Secure SDLC). ***Responsibilities:*** * Design secure architectures integrated into DevOps environments and CI/CD platforms. * Establish guidelines and validate security controls in CI/CD pipelines (SAST, DAST, SCA); support the adoption of security tools such as GitHub Advanced Security (GHAS). * Assess risks across the software development chain and DevOps pipelines. * Ensure compliance with ISMS, security standards, and regulations (including DORA). * Define secure development guidelines, secret management, and infrastructure-as-code principles. * Evaluate technological architectures, including AI and cloud. ***Requirements:*** * Degree in Systems Engineering, Computer Science, Software Engineering, Electronics, or related fields. * Specialization in Information Security and/or Cybersecurity (mandatory). * Proven experience in: + Implementing security controls in DevOps / DevSecOps environments. + Integrating security tools into CI/CD pipelines. + Participating in secure development initiatives from the cybersecurity front. + Integrating security controls: SAST, DAST, SCA. + GitHub Advanced Security (GHAS). + Cloud security (primarily Azure). * Knowledge of: + ISMS and technological risk management + Security audits and regulatory compliance * Frameworks and standards: + Knowledge of DORA applied to technological risk and resilience + ISO 27001 / ISO 27017 / ISO 27018, NIST, PCI-DSS, Zero Trust * Additional knowledge: + APIs, microservices + Infrastructure-as-code (IaC) + Data security and encryption + Fundamentals of artificial intelligence and associated risks + Ethical Hacking (conceptual) + Secure development + Automation of security controls ***Desired Technical Skills:*** * Cloud security (AWS, GCP). * Application, API, microservice, and data security. * Ethical Hacking and hardening (conceptual). * Security applied to artificial intelligence architectures and data platforms. * Security in cloud platforms and distributed architectures. ***This posting is open to persons with disabilities.***