DevSecOps Engineer

• Implement and maintain secure CI/CD pipelines.

• Integrate security controls into DevOps processes and workflows.

• Perform vulnerability assessments and security scans on applications, containers, and infrastructure.

• Automate security testing within build and deployment pipelines.

• Monitor cloud environments and ensure adherence to security best practices.

• Collaborate with Development, QA, and Infrastructure teams to remediate security vulnerabilities.

• Configure and manage IAM policies, access controls, and secrets management.

• Support compliance initiatives and security audits.

• Monitor, investigate, and respond to security incidents.

• Implement Infrastructure as Code (IaC) security best practices.

• Ensure secure containerization and Kubernetes deployments.

Required Skills

DevOps & Cloud

• AWS, Azure, or GCP

• CI/CD Pipelines (Jenkins, GitHub Actions, GitLab CI/CD)

• Docker

• Kubernetes

• Linux Administration

• Shell Scripting

Security

• Application Security (AppSec)

• Vulnerability Management

• OWASP Top 10

• Security Testing

• Container Security

• Cloud Security

• Identity & Access Management (IAM)

• Secrets Management

Infrastructure as Code

• Terraform

• CloudFormation (Good to Have)

Security Tools

Experience with one or more of the following:

• SonarQube

• Snyk

• Trivy

• OWASP ZAP

• Checkmarx

• Veracode

• Aqua Security

• Prisma Cloud

Monitoring & Logging

• ELK Stack

• Grafana

• Prometheus

• CloudWatch

Preferred Qualifications

• Bachelor's degree in Computer Science, Information Technology, or related field.

• Experience working in Agile/Scrum environments.

• Understanding of Secure SDLC principles.

  • Knowledge of security compliance standards such as ISO 27001, SOC 2, PCI-DSS, or GDPR.