Techcombank

About the job Job Purpose:

The Manager of DevSecOps is responsible for providing communication, integration, automation, and fluid cooperation between all cross-functional teams to plan, develop, test, deploy, release, and maintain a solution; and leading DevSecOps sub-squads to design, implement, automate, and enhance the Continuous Delivery/Continuous Integration pipelines that represent the DevSecOps ways of working, workflows, and git operations to deliver functionalities from proof of concepts to an on-demand release of value to the end user.

Key Accountabilities (1)

Continuous Delivery Through DevSecOps Factory:

• Build, map, and optimize the delivery of Continuous Delivery pipelines by addressing key elements such as Process time, Lead time, Delay time, and Percentage of completion. and accuracy.

• Continuous Exploration by analyzing and researching the development and implementation of new technologies/features; modification and improvement of existing architectures; define and prioritize activities in the platform backlog according to its needs.

• Continuous Integration by building, and integrating features, and bugs fixing the new versions of services and platforms; automating end-to-end testing, and validating application services on non-production environments.

• Continuous Deployment of services and platforms from non-production all the way to production.

• Release applications/services features fast, efficiently, and first to market on demand of business.

DevSecOps Factory:

• Build, implement, improve, and measure DevSecOps factory: Tools Chain, Culture, Ways of Working, Mind Set

• Build, automate, enhance, and integrate security governance: Application và platform continuous security monitoring; API security Testing; Penetration testing; Protocol Fuzzing; Threat Modeling.

Report periodically to the Director of DevSecOps.

Key Accountabilities (2)

Optimization and compliance:

• Implement and enhance automated Test and Verification, with:

• Verification of expected business value.

• Defects found and fixed immediately (Roll forward)

• Increase visibility with automated generation of Information and Reporting, by providing:

• Dynamic self-service of information

• Customizable dashboards

• Cross-reference across organizational boundaries

• Engage stakeholders early and consistently throughout the SDLC, leading to few defects and incorrect requirements.

• Build trust between software engineering and IT, enable organic process improvement and risk mitigation.

• Maximize business value by enabling technical staff to adapt to changing requirements or environmental factors.

• Ensure that team members fulfill their commitments on service quality and comply with the Bank's regulations and policies.

Key Accountabilities (3)

PEOPLE MANAGEMENT

• Attract, onboard, and retain the right talents for a high-performing team

• Communicate team and individual KRAs/ KPIs, goals, action plans, expectations, and results to team members

• Manage team performance & provide feedback regularly (following the annual performance management cycle);

• Enable team member’s professional and personal development through capability assessment, training, coaching & feedback, etc.

• Motivate and recognize team members’ contributions towards the team’s shared goals

• Responsible for developing talents within the team

• Act as a role model and promote corporate culture at the sub-function level

• Understand & communicate relevant HR offerings to team members.

Success Profile - Qualification and Experiences

Qualifications

• Graduated from university majoring in Computer Science/Engineering, Software Engineering, or Information Technology.

Work Experience

• At least 6 years of relevant experience in software development and a minimum of 2 years of experience in DevSecOps setup.

• Expert knowledge of DevSecOps factory pipeline components and DevSecOps Metrics.

• Expert knowledge and working experience with public and hybrid cloud environments.

• Hands-on experience in code, commit, code review, document, test, integrate, QA, and monitor with frontend and backend languages and technologies.

• Expert knowledge and working experience with DevSecOps tools Chain and security governance.

• Expert knowledge and working experience with Infrastructure as Code and Configuration management.

• At least 3 years in a management position.