Engineering SecurityComplianceSecOps

Senior SecOps

Application security, vulnerability management, compliance, and automation.

$skillfish add ~skills/senior-secops

Real Examples Get Started Models & Context

Real Conversations

See how the Senior SecOps skill responds to actual requests. These are representative examples of what your AI agent will produce.

You

We push to prod 10x/day and have no automated security scanning. Node.js and Python services. Want to fail CI on critical CVEs and get Slack alerts.

Agent

Automated Vulnerability Scanning Pipeline:

GitHub Actions workflow:

name: Security Scan
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Node.js — npm audit
      - name: npm audit
        run: npm audit --audit-level=critical
        continue-on-error: false  # fail CI on critical

      # Python — safety + pip-audit  
      - name: pip-audit
        run: |
          pip install pip-audit
          pip-audit --requirement requirements.txt --severity CRITICAL --fail-on CRITICAL

      # Container images — Trivy
      - name: Trivy image scan
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ env.IMAGE_TAG }}
          severity: 'CRITICAL,HIGH'
          exit-code: '1'
          format: 'sarif'
          output: 'trivy.sarif'

      - name: Upload SARIF to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: 'trivy.sarif'

Slack alert on failure:

      - name: Notify Slack on critical vuln
        if: failure()
        uses: slackapi/slack-github-action@v1
        with:
          payload: '{"text":"CRITICAL vulnerability found in ${{ github.repository }} — ${{ github.sha }} — check Security tab"}'
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_SECURITY_WEBHOOK }}

Policy decision — don't block on HIGH initially: Start with --audit-level=critical only. Add HIGH after you've cleared the existing backlog, or you'll have 200 blocking failures on day one.

You

A teammate accidentally committed an AWS access key to a public GitHub repo 2 hours ago. We've rotated the key. What else do we need to do?

Agent

Incident Response — Exposed Credential:

Step 1 — Verify rotation is complete (do this first if not already done):

# Confirm the old key is deactivated
aws iam list-access-keys --user-name <username>
# Status should be 'Inactive' or the key deleted

# Check what the old key was used for in the last 2 hours
aws cloudtrail lookup-events \
  --lookup-attributes AttributeKey=AccessKeyId,AttributeValue=AKIA... \
  --start-time 2024-01-01T10:00:00 \
  --end-time 2024-01-01T12:00:00

Step 2 — Audit CloudTrail for unauthorized activity:

Look for: CreateUser, CreateAccessKey, AttachUserPolicy, RunInstances, CreateBucket
Any of these from an unrecognized IP = active compromise, escalate immediately

Step 3 — Purge from git history:

# DO NOT just delete the file — it stays in git history
git filter-repo --path path/to/file/with/key --invert-paths
git push origin --force --all  # requires bypass protection temporarily

Step 4 — GitHub secret scanning:

GitHub will have already flagged it — check Security → Secret Scanning
Enable git-secrets or gitleaks pre-commit hook to prevent recurrence:

pip install detect-secrets
detect-secrets scan > .secrets.baseline
# Add to .pre-commit-config.yaml

Step 5 — Post-incident: If CloudTrail shows any unauthorized API calls, treat as full breach — notify security team, check for backdoors (new IAM users, Lambda functions, EC2 instances).

Get Started

How to install and use this skill in your preferred environment.

Skills are designed for AI coding agents (Claude Code, Cursor, Windsurf) and IDE-based workflows where the agent can read files, run scripts, and act on your codebase. Web-based AI can use the knowledge and frameworks, but won't have tool access.

Models & Context

Which AI models and context windows work best with this skill.

Recommended Models

Best

Claude Opus 4 Claude Sonnet 4 GPT-4.1 Gemini 2.5 Pro Grok 3 Kimi K2

Good

Claude Haiku 4.5 GPT-4.1 mini Gemini 2.5 Flash Grok 3 mini

Larger models produce more detailed, production-ready outputs.

Context Window

This skill's SKILL.md is typically 3–10 KB — fits in any modern context window.

8K Skill only

32K+ Skill + conversation

100K+ Skill + references + codebase

All current frontier models (Claude, GPT, Gemini) support 100K+ context. Use the full window for complex multi-service work.

Pro tips for best results

1

Be specific

Include numbers — users, budget, RPS — so the skill can size the architecture.

2

Share constraints

Compliance needs, team size, and existing stack all improve the output.

3

Iterate

Start with a high-level design, then ask follow-ups for IaC, cost analysis, or security review.

4

Combine skills

Pair with companion skills below for end-to-end coverage.

Ready to try Senior SecOps?

Install the skill and start getting expert-level guidance in your workflow — any agent, any IDE.

$skillfish add ~skills/senior-secops

← Browse all 169 skills