Expert in DevSecOps in Brussels (near-site) - European...

at  The White Team

CONTEXT/INTRODUCTION

At the Whiteam we are seeking an Expert in DevSecOps to join our team in Brussels and work with the European Commission. The assignment may change over time, according to the portfolio/project/service needs. Note that only CVs of EU citizens can be provided because the contractor will need to have access to sensitive non-classified information like, for instance, data with markings, personal data, or financial data (this list is not exhaustive).

LEVEL OF EDUCATION

As stated in the Article 2.6.3.1. of DIGIT-TM II Service requirements, a minimum educational qualification for lot 3 is: Level of education corresponding to Level 7 of the European Qualification Framework which typically corresponds to a master’s level or 5 years of higher education.

KNOWLEDGE AND SKILLS

Following skills and knowledge are required for the performance of the above listed tasks:

• Cloud
• Proficiency with cloud technologies and infrastructure especially AWS
• AWS expertise: solution delivery expertise, migration of applications to the cloud, automation through third-party tools, Infrastructure as code (IaC).
• Ability to design services to satisfy business objectives, based on the quality, compliance, risk and security requirements, delivering more effective and efficient IT and organisation solutions and services aligned to organisational needs.
• Solid knowledge of containers and their orchestration
• Solid knowledge and understanding of scripting and secure configurations for mainstream Linux operating systems.
• Knowledge of cloud logging, reporting, and monitoring solutions.
• Architecture
• Solid knowledge of micro-services architecture design, development, deployment, and instrumentation.
• Knowledge of a broad range of application architectures and languages.
• Data
• Knowledge of relational database management systems such as MS SQL, Oracle with an experience with working with big databases (at least 5TB in size).
• Knowledge of Machine Learning, Deep Learning and Artificial Intelligence technologies.
• Security
• Solid knowledge of secure application design and development in the cloud.
• Solid knowledge of network architecture, network security, TCP/IP, network virtualization and/or software defined networks.
• Miscellaneous
• Ability to apply high quality standards.
• Ability to cope with fast changing technologies.
• Analysis and problem solving skills.
• Ability to manage multiple priorities and work effectively in a fast-paced, high volume, results driven environment.
• Excellent communication skills (both oral/written) including ability to clearly communicate risks and risk management issues to technologists and non-technologists.
• Ability to give business and technical presentations and actual experience with giving such presentations.

Due to the particular nature of a large international organisation such as the European Commission, candidates should also have the following non-technical skills:

• Capability of integration in an international/multicultural environment, rapid self-starting capability and experience in working in team;
• Ability to participate in multilingual meetings;
• Ability to work in multi-cultural environment, on multiple large projects;
• Excellent Team Player
• Ability to understand, speak and write French (B1/B2);
• High degree of discretion and integrity is required as the applications managed and maintained in DIGIT.A.4 contain personal and confidential data

DESCRIPTION OF THE TASKS

Following tasks will be performed by external service provider:

• DevSecOps
• Plan, implement, upgrade DevSecOps pipelines
• Facilitate the continuous delivery of IT applications by using Application Lifecycle Management and automation tools.
• Develop metrics and dashboards to measure and validate the effectiveness.
• Promote the usage of DevSecOps methodologies for IT projects.
• Provide technical support to DevSecOps team.
• Conduct research to find ways to improve operations.
• Architecture & infrastructure
• Define and maintain the architectural frameworks/patterns, processes, standards, and guidelines related to systems, business or data architecture.
• Work closely with data experts to develop and deliver data-oriented architecture solutions.
• Support technical analysis and recommendations (e.g., evaluate and select vendor products based on functional, security and operational requirements; review and comment on their functionalities).
• Review of the architecture of existing systems to migrate of existing system in the cloud.
• Interact with the business analysts, solution architects, project leaders and the developers.
• Provide technical and architectural subject matter expertise to the various development teams including communicating architectural decisions and mentoring other technical staff around the various security technologies and decisions.
• Define, review, maintain and help executing cloud exit strategy.
• Security
• Design security controls, processes and procedures for systems implemented using public cloud.
• Implement technological solutions dedicated to security and data protection in public cloud.
• Evaluate systems for discrepancies or vulnerabilities.
• Architect and design API Security, Container Security, Cloud Security.

Following skills and knowledge are required for the performance of the above listed tasks:

• Cloud
• Proficiency with cloud technologies and infrastructure especially AWS
• AWS expertise: solution delivery expertise, migration of applications to the cloud, automation through third-party tools, Infrastructure as code (IaC).
• Ability to design services to satisfy business objectives, based on the quality, compliance, risk and security requirements, delivering more effective and efficient IT and organisation solutions and services aligned to organisational needs.
• Solid knowledge of containers and their orchestration
• Solid knowledge and understanding of scripting and secure configurations for mainstream Linux operating systems.
• Knowledge of cloud logging, reporting, and monitoring solutions.
• Architecture
• Solid knowledge of micro-services architecture design, development, deployment, and instrumentation.
• Knowledge of a broad range of application architectures and languages.
• Data
• Knowledge of relational database management systems such as MS SQL, Oracle with an experience with working with big databases (at least 5TB in size).
• Knowledge of Machine Learning, Deep Learning and Artificial Intelligence technologies.
• Security
• Solid knowledge of secure application design and development in the cloud.
• Solid knowledge of network architecture, network security, TCP/IP, network virtualization and/or software defined networks.
• Miscellaneous
• Ability to apply high quality standards.
• Ability to cope with fast changing technologies.
• Analysis and problem solving skills.
• Ability to manage multiple priorities and work effectively in a fast-paced, high volume, results driven environment.
• Excellent communication skills (both oral/written) including ability to clearly communicate risks and risk management issues to technologists and non-technologists.
• Ability to give business and technical presentations and actual experience with giving such presentations

Following specific expertise is mandatory for the performance of tasks:

• Experience, of at least 5 years, with public cloud environments and technologies covering at least:
• Migrating or natively building software, including monolithic applications, microservices, etc.
• Designing and securing data-oriented solutions
• Defining, reviewing or executing cloud exit strategies
• Experience, of at least 3 years, with Amazon Web Services covering the following domains: cloud architecture and security fundamentals, containers and their orchestration, networking, high availability design, multi-cloud, serverless compute, infrastructure as code.
• Experience, of at least 3 years, as a DevSecOps engineer covering all of the following topics:
• Infrastructure as code: Terraform, Ansible or similar related technologies
• CI/CD and pipelines: Gitlab or similar technologies
• Docker, Kubernetes and similar
• Design and implementation of automation scripts: Python, Perl, bash, or similar Linux scripting
• Linux management.
• Experience, of at least 3 years, in working in Agile/Sprint based IT project methodologies
• Good knowledge with enterprise logging and monitoring solutions, analysis, and correlation of logs.
• Knowledge in modular and microservices architecture pattern

At least one of the following certificates & standards are required for the performance of tasks:

• AWS Certified DevOps Engineer – Professional; or
• Certified DevSecOps Professional (CDP); or
• An equivalent certification to be approved by the requesting unit