Description
A prestigious financial firm is searching for a Container Security Implementation Contractor. This can be a fully remote position. The contractor will focus on implementing Sysdig Scan on Docker and will report vulnerabilities to the developers. This role requires experience with CICD, Docker, Containers, Python, Bash, JSON, and Jenkins.
Responsibilities:
- Project Lead for Container Security Implementation: Lead/drive the embedded company developer(s) in performing the work outlined below:
- Release container that performs Sysdig scan on Docker and reports the vulnerabilities to the developers and stores reports in the pipeline and inside a local repository.
- Develop Jenkins step to have code that is staged for prod open preliminary tickets in company's ticketing system.
- Integrate CVSS Scoring
- Create verification rule in CICD pipeline
- Update GSD readmes/user guides
- Create initial container - this is drafted and needs to be pushed to prod
- Implement container security solution and tie it to the company's ticketing system.
- Documentation for knowledge transfer, as needed
- Enhance Application Vulnerability Reporting
- Automate vulnerability reporting from CICD to company's ITSM tool. Current vulnerability scanning tools: Black Duck, Veracode, Sysdig
- Collect the right metadata to send through API to connect to OCC's ITSM tool
- Work with ServiceNow team to build release approvals step and have Jenkins re-run after the approval has changed the ticket severity, if needed.
Qualifications:
- Ability to write a custom Docker container
- Experience coding in Python, Java, and Bash Scripting
- Jenkins pipeline experience
- Need to be able to build stages in Jenkins pipeline
- Scanner will execute within one of the Jenkins stages
- API integration experience for Jenkins to repos and scanner
- Needs to be able to parse JSON reports