DevSecOps Engineer
zimyo
Job Description
- Implement and maintain secure CI/CD pipelines.
- Integrate security controls into DevOps processes and workflows.
- Perform vulnerability assessments and security scans on applications, containers, and infrastructure.
- Automate security testing within build and deployment pipelines.
- Monitor cloud environments and ensure adherence to security best practices.
- Collaborate with Development, QA, and Infrastructure teams to remediate security vulnerabilities.
- Configure and manage IAM policies, access controls, and secrets management.
- Support compliance initiatives and security audits.
- Monitor, investigate, and respond to security incidents.
- Implement Infrastructure as Code (IaC) security best practices.
- Ensure secure containerization and Kubernetes deployments.
Required Skills
DevOps & Cloud
- AWS, Azure, or GCP
- CI/CD Pipelines (Jenkins, GitHub Actions, GitLab CI/CD)
- Docker
- Kubernetes
- Linux Administration
- Shell Scripting
Security
- Application Security (AppSec)
- Vulnerability Management
- OWASP Top 10
- Security Testing
- Container Security
- Cloud Security
- Identity & Access Management (IAM)
- Secrets Management
Infrastructure as Code
- Terraform
- CloudFormation (Good to Have)
Security Tools
Experience with one or more of the following:
- SonarQube
- Snyk
- Trivy
- OWASP ZAP
- Checkmarx
- Veracode
- Aqua Security
- Prisma Cloud
Monitoring & Logging
- ELK Stack
- Grafana
- Prometheus
- CloudWatch
Preferred Qualifications
- Bachelor's degree in Computer Science, Information Technology, or related field.
- Experience working in Agile/Scrum environments.
- Understanding of Secure SDLC principles.
- Knowledge of security compliance standards such as ISO 27001, SOC 2, PCI-DSS, or GDPR.