Job Summary: We are seeking a highly skilled and experiencedDevSecOps Engineerto join our dynamic engineering team. The ideal candidate will work at the intersection of development, security, and operations to integrate security into every phase of the software development lifecycle (SDLC). You will collaborate with cross-functional teams to ensure that security practices are embedded in the continuous integration and continuous delivery (CI/CD) pipeline, as well as across infrastructure and operations.Key Responsibilities: Integrate Security Practices : Ensure that security is integrated into the CI/CD pipeline, starting from development through testing, deployment, and maintenance stages. Automation of Security Controls : Automate security processes and integrate security tools into build, test, and deployment pipelines. Vulnerability Management : Perform security assessments, vulnerability scanning, and penetration testing to identify weaknesses and recommend mitigation strategies. Infrastructure as Code (IaC) : Develop and manage security controls for cloud platforms, infrastructure-as-code tools, and automated environments (e.g., Terraform, Ansible). Collaborate with Development and Operations Teams : Work with software developers, systems administrators, and network engineers to ensure secure development practices and mitigate potential risks. Incident Response : Actively participate in security incident investigations, root cause analysis, and remediation efforts. Security Audits and Compliance : Ensure compliance with security standards (e.g., NIST, ISO, SOC 2, GDPR) and conduct audits to identify areas of improvement. Continuous Learning and Adaptation : Stay up to date with the latest security threats, vulnerabilities, and mitigation strategies to continually improve security processes. Documentation and Reporting : Maintain clear documentation for security policies, practices, and incident responses. Report findings and improvements to leadership.Key Requirements: Education : Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience. Experience : 2+ years of experience in DevSecOps or similar roles. Experience with CI/CD tools (e.g., Jenkins, GitLab CI, CircleCI, etc.) and source code management (e.g., Git). Strong understanding of cloud platforms (AWS, Azure, Google Cloud) and cloud-native security tools. Experience with automated security testing tools (e.g., Snyk, SonarQube, Checkmarx). Technical Skills : Strong knowledge of security best practices for both development and operations. Expertise in scripting languages (Python, Bash, PowerShell, etc.). Experience with infrastructure as code (IaC) tools like Terraform, CloudFormation, or Ansible. Knowledge of containerization (Docker, Kubernetes) and associated security practices. Familiarity with network security, firewalls, VPNs, IDS/IPS, and other security solutions. Security Certifications (Preferred) : Certified Information Systems Security Professional (CISSP) Certified Cloud Security Professional (CCSP) AWS Certified Security Specialty, or similar security certifications. Soft Skills : Strong problem-solving and analytical abilities. Excellent communication skills to collaborate with different teams and report to leadership. Ability to work under pressure and manage multiple priorities.Preferred Qualifications: Experience with security orchestration, automation, and response (SOAR) platforms. Knowledge of compliance frameworks (e.g., HIPAA, SOC 2, PCI-DSS). Understanding of application security (AppSec) and web application firewalls (WAFs). AWS working experience preferred.
Job Title
DevSecOps Engineer