DevSecOps Engineer

Job Summary:

We are seeking a highly skilled DevSecOps Engineer to join our team and help integrate security at every phase of the software development lifecycle.

The ideal candidate will have a strong background in DevOps, cloud infrastructure, and cybersecurity, with a focus on automation, continuous integration/continuous delivery (CI/CD), and secure coding practices.

Key Responsibilities:

• Implement and maintain security tools and practices within CI/CD pipelines.
  
  
• Automate security scanning (SAST, DAST, SCA, container security, etc.) and integrate them into build and deployment processes.
  
  
• Collaborate with development, operations, and security teams to ensure secure code deployment.
  
  
• Conduct threat modeling, risk assessments, and vulnerability management.
  
  
• Manage secrets and credentials securely using tools like HashiCorp Vault, AWS Secrets Manager, etc.
  
  
• Monitor and respond to security incidents and alerts.
  
  
• Ensure compliance with relevant security standards and regulations (e.g., ISO 27001, SOC2, GDPR, NIST).
  
  
• Define and enforce policies related to secure code development and infrastructure security.
  
  
• Maintain infrastructure as code (IaC) using Terraform, CloudFormation, etc., with security best practices.
  
  
• Educate developers and operations teams on secure coding and cloud security practices.
  
  

Required Skills & Qualifications:

• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or related field (or equivalent experience).
  
  
• 5+ years of experience in DevOps, cloud security, or a related role.
  
  
• Strong knowledge of cloud platforms (AWS, Azure, GCP).
  
  
• Proficiency in CI/CD tools (Jenkins, GitLab CI, GitHub Actions, CircleCI, etc.).
  
  
• Experience with security scanning tools: Snyk, SonarQube, Checkmarx, Aqua, Twistlock, etc.
  
  
• Familiarity with IaC tools (Terraform, Ansible, Chef, etc.).
  
  
• Programming/scripting skills in Python, Bash, Go, or similar.
  
  
• Experience with containerization and orchestration (Docker, Kubernetes).
  
  
• Understanding of application security principles (OWASP Top 10, secure SDLC).
  
  
• Strong problem-solving and analytical skills.
  
  
• Excellent communication and collaboration abilities.
  
  

Preferred Qualifications:

• Security certifications such as CISSP , CEH , OSCP , AWS Security Specialty , or Certified DevSecOps Professional .
  
  
• Experience with zero trust architecture and security automation.
  
  
• Knowledge of logging and monitoring tools (ELK, Splunk, Prometheus, Grafana, etc.).