Senior DevSecOps/Security Mentor

Posted 3 weeks ago

Worldwide

Summary

I'm a DevOps engineer (up to 3 years, AWS/Terraform/CDK/Python/Docker) specialising into DevSecOps. I'm working through a structured, hands-on programme building a real security portfolio, and I'm looking for a senior DevSecOps engineer to mentor me through it - sharing real project experience, building alongside me, and sharpening my judgement. What I'm actively building (and want guidance on): Secure CI/CD & supply chain - GitHub Actions OIDC to AWS (secretless auth), SHA-pinned actions, IaC scanning with Checkov and Trivy, secrets scanning with Gitleaks, SBOMs (CycloneDX), image signing with Cosign AWS security engineering - Amazon Inspector, GuardDuty response runbooks, Security Hub (CIS v3.0.0), IAM least-privilege, KMS, Secrets Manager, boto3 automation for findings triage Application security - SAST (Semgrep + custom rules), DAST (OWASP ZAP), IAST (Contrast), and understanding what each catches that the others miss Kubernetes security, RBAC, Pod Security Standards, Kyverno admission policies, NetworkPolicies, kube-bench, Falco runtime detection, External Secrets Operator / IRSA Detection & evidence - log ingestion into ELK, detection rules, threat modelling, and mapping controls to CIS / SOC 2 / ISO 27001 What I want from a mentor: Real hands-on project experience - I want to work through actual builds with you, not just talk theory. Pairing on real pipelines, infrastructure, and security tooling, and learning from projects you've shipped Structured sessions with clear progression, not ad-hoc Q&A Honest review of my real code, pipelines, and architecture decisions including my triage/justification discipline (why I fixed, suppressed, or accepted a finding) Help building senior-level judgement: scoping work, knowing when to pause for a sanity check, and framing decisions to stakeholders

  • Less than 30 hrs/week
    Hourly
  • 1-3 months
    Duration
  • Intermediate
    Experience Level
  • $10.00

    -

    $20.00

    Hourly
  • Remote Job
  • Ongoing project
    Project Type
Skills and Expertise
Mandatory skills
Network Security
Security Analysis
Nice-to-have skills
Penetration Testing
Internet Security
Activity on this job
  • Proposals:10 to 15
  • Last viewed by client:2 weeks ago
  • Interviewing:
    13
  • Invites sent:
    19
  • Unanswered invites:
    4
About the client
Member since Sep 4, 2023
  • GBR
    Birmingham 10:05 PM
  • 1 hire, 0 active

Explore similar jobs on Upwork

Chef and Helpers for Biryani and GraviesFixed-price‐ Posted 4 weeks ago
Cooking
Docker
DevOps
Linux System Administration

How it works

  • Post a job icon
    Create your free profile
    Highlight your skills and experience, show your portfolio, and set your ideal pay rate.
  • Talent comes to you icon
    Work the way you want
    Apply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
  • Payment simplified icon
    Get paid securely
    From contract to payment, we help you work safely and get paid securely.
Want to get started? Create a profile

About Upwork

  • Rating is 4.9 out of 5.
    4.9/5
    (Average rating of clients by professionals)
  • G2 2021
    #1 freelance platform
  • 49,000+
    Signed contract every week
  • $2.3B
    Freelancers earned on Upwork in 2020

Find the best freelance jobs

Growing your career is as easy as creating a free profile and finding work like this that fits your skills.

Trusted by

  • Microsoft Logo
  • Airbnb Logo
  • Bissell Logo
  • GoDaddy Logo