senior-secops
Comprehensive SecOps skill for application security, vulnerability management, compliance, and secure development practices. Includes security scanning, vulnerability assessment, compliance checking, and security automation. Use when implementing security controls, conducting security audits, responding to vulnerabilities, or ensuring compliance requirements.
Best use case
senior-secops is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Comprehensive SecOps skill for application security, vulnerability management, compliance, and secure development practices. Includes security scanning, vulnerability assessment, compliance checking, and security automation. Use when implementing security controls, conducting security audits, responding to vulnerabilities, or ensuring compliance requirements.
Teams using senior-secops should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/senior-secops/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How senior-secops Compares
| Feature / Agent | senior-secops | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Comprehensive SecOps skill for application security, vulnerability management, compliance, and secure development practices. Includes security scanning, vulnerability assessment, compliance checking, and security automation. Use when implementing security controls, conducting security audits, responding to vulnerabilities, or ensuring compliance requirements.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Senior Secops Complete toolkit for senior secops with modern tools and best practices. ## Quick Start ### Main Capabilities This skill provides three core capabilities through automated scripts: ```bash # Script 1: Security Scanner python scripts/security_scanner.py [options] # Script 2: Vulnerability Assessor python scripts/vulnerability_assessor.py [options] # Script 3: Compliance Checker python scripts/compliance_checker.py [options] ``` ## Core Capabilities ### 1. Security Scanner Automated tool for security scanner tasks. **Features:** - Automated scaffolding - Best practices built-in - Configurable templates - Quality checks **Usage:** ```bash python scripts/security_scanner.py <project-path> [options] ``` ### 2. Vulnerability Assessor Comprehensive analysis and optimization tool. **Features:** - Deep analysis - Performance metrics - Recommendations - Automated fixes **Usage:** ```bash python scripts/vulnerability_assessor.py <target-path> [--verbose] ``` ### 3. Compliance Checker Advanced tooling for specialized tasks. **Features:** - Expert-level automation - Custom configurations - Integration ready - Production-grade output **Usage:** ```bash python scripts/compliance_checker.py [arguments] [options] ``` ## Reference Documentation ### Security Standards Comprehensive guide available in `references/security_standards.md`: - Detailed patterns and practices - Code examples - Best practices - Anti-patterns to avoid - Real-world scenarios ### Vulnerability Management Guide Complete workflow documentation in `references/vulnerability_management_guide.md`: - Step-by-step processes - Optimization strategies - Tool integrations - Performance tuning - Troubleshooting guide ### Compliance Requirements Technical reference guide in `references/compliance_requirements.md`: - Technology stack details - Configuration examples - Integration patterns - Security considerations - Scalability guidelines ## Tech Stack **Languages:** TypeScript, JavaScript, Python, Go, Swift, Kotlin **Frontend:** React, Next.js, React Native, Flutter **Backend:** Node.js, Express, GraphQL, REST APIs **Database:** PostgreSQL, Prisma, NeonDB, Supabase **DevOps:** Docker, Kubernetes, Terraform, GitHub Actions, CircleCI **Cloud:** AWS, GCP, Azure ## Development Workflow ### 1. Setup and Configuration ```bash # Install dependencies npm install # or pip install -r requirements.txt # Configure environment cp .env.example .env ``` ### 2. Run Quality Checks ```bash # Use the analyzer script python scripts/vulnerability_assessor.py . # Review recommendations # Apply fixes ``` ### 3. Implement Best Practices Follow the patterns and practices documented in: - `references/security_standards.md` - `references/vulnerability_management_guide.md` - `references/compliance_requirements.md` ## Best Practices Summary ### Code Quality - Follow established patterns - Write comprehensive tests - Document decisions - Review regularly ### Performance - Measure before optimizing - Use appropriate caching - Optimize critical paths - Monitor in production ### Security - Validate all inputs - Use parameterized queries - Implement proper authentication - Keep dependencies updated ### Maintainability - Write clear code - Use consistent naming - Add helpful comments - Keep it simple ## Common Commands ```bash # Development npm run dev npm run build npm run test npm run lint # Analysis python scripts/vulnerability_assessor.py . python scripts/compliance_checker.py --analyze # Deployment docker build -t app:latest . docker-compose up -d kubectl apply -f k8s/ ``` ## Troubleshooting ### Common Issues Check the comprehensive troubleshooting section in `references/compliance_requirements.md`. ### Getting Help - Review reference documentation - Check script output messages - Consult tech stack documentation - Review error logs ## Resources - Pattern Reference: `references/security_standards.md` - Workflow Guide: `references/vulnerability_management_guide.md` - Technical Guide: `references/compliance_requirements.md` - Tool Scripts: `scripts/` directory
Related Skills
senior-developer
Embodies a senior frontend developer with 15+ years of experience building web applications. Provides expert guidance on UI architecture, component design, state management, CSS/styling, performance optimization, accessibility, debugging browser issues, and modern frontend tooling. Use when building UIs, debugging frontend issues, choosing frontend frameworks, or needing senior-level code review and mentorship.
senior-devops
Comprehensive DevOps skill for CI/CD, infrastructure automation, containerization, and cloud platforms (AWS, GCP, Azure). Includes pipeline setup, infrastructure as code, deployment automation, and monitoring. Use when setting up pipelines, deploying applications, managing infrastructure, implementing monitoring, or optimizing deployment processes.
senior-software-developer
Provides production-quality patterns, standards, and language-specific best practices for Python, C#, Node.js, and TypeScript. Used as the implementation guideline within test-driven-development workflow, or directly for architecture decisions and complex refactoring. Not invoked directly for new feature implementation - use test-driven-development instead.
senior-qa
Comprehensive QA and testing skill for quality assurance, test automation, and testing strategies for ReactJS, NextJS, NodeJS applications. Includes test suite generation, coverage analysis, E2E testing setup, and quality metrics. Use when designing test strategies, writing test cases, implementing test automation, performing manual testing, or analyzing test coverage.
senior-fullstack
Fullstack development toolkit with project scaffolding for Next.js/FastAPI/MERN/Django stacks and code quality analysis. Use when scaffolding new projects, analyzing codebase quality, or implementing fullstack architecture patterns.
senior-fullstack-ai-engineer
Senior full-stack developer with 10+ years of experience and AI engineering expertise. Builds production-ready applications using modern frameworks (Flask, FastAPI, React), AI/ML technologies (LLMs, RAG, model deployment), and cloud infrastructure. Use for all development tasks requiring full-stack and AI/ML implementation.
senior-frontend
Expert frontend development with React, Vue, and modern frameworks including component architecture, state management, performance optimization, and accessibility.
senior-frontend-expert
Use when developing frontend features, building components, optimizing performance, implementing UI/UX designs, managing state, reviewing frontend code, or working with React, Next.js, TypeScript, TailwindCSS, or CSS. Triggers on "build a component", "optimize performance", "review this code", "architect a feature", "fix a UI bug", "implement a design".
senior-frontend-developer-mindset
Sets the mindset for a senior frontend developer concerning code quality, maintainability, and testing. This encourages developers to focus on creating clean, efficient, and well-tested code.
senior-django-architect
Expert Senior Django Architect specializing in high-performance, containerized, async-capable architectures. Produces production-ready, statically typed, secure-by-default Django + DRF code. Enforces strict layered architecture (views/serializers/services/selectors/models), mandatory typing and Google-style docstrings, Ruff linting, pytest testing with 80%+ coverage, pydantic-settings configuration, ASGI-first deployment with Gunicorn+Uvicorn, multi-stage Docker builds with distroless runtime, and comprehensive security baselines. All code must be complete with zero placeholders.
senior-backend
Expert backend development covering API design, database architecture, microservices, message queues, caching, and system scalability.
senior-architect
This skill should be used when the user asks to "design system architecture", "evaluate microservices vs monolith", "create architecture diagrams", "analyze dependencies", "choose a database", "plan for scalability", "make technical decisions", or "review system design". Use for architecture decision records (ADRs), tech stack evaluation, system design reviews, dependency analysis, and generating architecture diagrams in Mermaid, PlantUML, or ASCII format.