We are seeking a skilled and motivated DevSecOps Engineer to integrate security practices into our DevOps pipeline, ensuring secure software development, deployment, and infrastructure.
You will automate and own security tooling, Integrate SAST, DAST, container/IaC scans, and secret detection into our CI/CD, continuously improving the stack. Harden application security, embed secure-coding best practices, OWASP Top-10 defenses, and threat modeling throughout the SDLC. Raise cloud security standards, keep our cloud environments aligned with best practice to mitigate any risk.
Key Responsibilities:
Secure CI/CD Pipelines: Integrate security into continuous integration and delivery workflows (CI/CD).
Automation & Tooling: Implement and manage tools for static and dynamic code analysis (SAST, DAST), software composition analysis (SCA), and secrets management.
Cloud Security: Ensure infrastructure-as-code (IaC) and cloud deployments (e.g., AWS, Azure, GCP) are secure and compliant.
Monitoring & Incident Response: Set up security monitoring and logging; support incident response and forensic analysis.
Policy & Compliance: Work with compliance teams to enforce standards such as ISO 27001, SOC 2, NIST, or HIPAA, depending on your environment.
Collaboration: Serve as a bridge between development, operations, and security to ensure alignment and shared responsibility for security.
Requirements: 3+ years of experience in DevOps, Security Engineering, or related roles.
Strong experience with CI/CD tools (e.g., Jenkins, GitLab CI, GitHub Actions ).
Proficiency in scripting (e.g., Python, Bash)
Hands-on experience with container security (Docker, Kubernetes) - trivy advantag
Familiarity with SAST, DAST, SCA tools (e.g., SonarQube, Checkmarx, Veracode, Aqua, Snyk).
Knowledge of cloud platforms (AWS, GCP) and cloud security..
Strong problem-solving and analytical skills.
Ability to work collaboratively across multiple teams and custommers.
Excellent communication and documentation abilities.
Advantage:
Security certifications such as CISSP, CEH, OSCP, or AWS Security Specialty.
Experience with zero-trust architecture or security in microservices.
Background in secure software development lifecycle (SSDLC) practices.
This position is open to all candidates.