Team
1. Development Team (Dev)
- Write secure code using best practices and frameworks.
- Perform unit and integration tests with security in mind.
- Use approved third-party libraries (monitor with SCA tools).
- Fix vulnerabilities reported by SAST, DAST, or security reviews.
- Collaborate with security on threat modeling.
- Define and enforce secure coding standards and policies.
- Run vulnerability assessments and penetration tests.
- Perform threat modeling and security design reviews.
- Provide training on secure development practices.
- Monitor compliance with security regulations (e.g., GDPR, HIPAA).
- Select and manage AppSec tools (e.g., SAST, DAST, SCA).
- Manage secure infrastructure (e.g., networks, servers, containers).
- Implement Infrastructure as Code (IaC) with security scanning.
- Ensure CI/CD pipelines are secured (access controls, secrets).
- Monitor runtime environments for anomalies (SIEM, EDR tools).
- Handle incident response and patching.
- Bridge the gap between Dev, Sec, and Ops.
- Integrate security tooling into CI/CD pipelines.
- Automate security scans (code, container, IaC).
- Educate teams about security best practices.
- Monitor pipeline results and ensure remediation processes are followed.
- Continuously improve the security posture of the SDLC.