<p><p><b>Job Title :</b> DevSecOps Required :</b> 6- 8 :</b> Type :</b> Overview :</b></p><p><b><br/></b></p>We are seeking a seasoned DevSecOps Engineer with 6- 8 years of hands-on experience in implementing security best practices across DevOps workflows.
The ideal candidate will have deep expertise in ISO 27001:2022, SOC 2 Type II audits, and cloud-native security tools.
You will play a critical role in integrating security into CI/CD pipelines, managing identity and access, and driving compliance across infrastructure and Responsibilities :</b></p><p><b><br/></b></p>- Lead and support ISO 27001:2022 and SOC 2 Type II compliance initiatives, representing DevOps and IT in audits and assessments.<br/><br/></p><p>- Conduct monthly internal audits for User Access Management, ensuring adherence to least privilege principles and security policies.<br/><br/></p><p>- Manage and integrate authentication mechanisms including Okta, AWS Cognito, OIDC Connect, and OAuth </p><p>2.0.<br/><br/></p><p>- Design and maintain Enterprise Risk Matrices aligned with NIST, ISO, and CIS frameworks.<br/><br/></p><p>- Develop and implement incident response policies and procedures to enhance organizational security posture.<br/><br/></p><p>- Oversee security patching within release management cycles to ensure regulatory compliance.<br/><br/></p><p>- Automate security workflows using AWS Security Hub, Inspector, Patch Manager, and EventBridge.<br/><br/></p><p>- Build and maintain automated vulnerability mitigation tasks using AWS CodeBuild.<br/><br/></p><p>- Use Terraform for Infrastructure as Code (IaC) to manage cloud resources securely and efficiently.<br/><br/></p><p>- Create detailed audit reports with actionable insights to support continuous improvement.<br/><br/></p><p>- Collaborate with cross-functional teams to translate complex security concepts into practical solutions for technical and non-technical Skills & Qualifications :</b></p><p><b><br/></b></p>- 6- 8 years of experience in DevSecOps, Cloud Security, or IT Compliance.<br/><br/></p><p>- Strong understanding of ISO 27001, SOC 2, NIST, and CIS frameworks.<br/><br/></p><p>- Hands-on experience with AWS services, especially security tools.<br/><br/></p><p>- Proficiency in Terraform, CI/CD pipelines, and DevOps automation.<br/><br/></p><p>- Experience with identity and access management platforms (Okta, Cognito, etc.).<br/><br/></p><p>- Excellent communication and documentation skills.</p><p><br/></p><p>- Ability to work independently and lead security initiatives across Qualifications :</b></p><p><b><br/></b></p>- AWS Security Specialty.<br/><br/></p><p>- Certified DevSecOps Professional.<br/><br/></p><p>- Experience with container security, Kubernetes, or SAST/DAST tools.<br/><br/></p><p>- Familiarity with SIEM platforms and security orchestration.</p><br/></p> (ref:hirist.tech)