DevSecOps Engineer - Security
instahyre
Job Description
- Pipeline Integration: Seamlessly bake security into the CI/CD lifecycle using Jenkins, GitLab, or GitHub Actions, ensuring zero-touch vulnerability checks.
- Security as Code: Design and implement automation scripts for continuous security testing (SAST/DAST) and real-time monitoring.
- Orchestration Hardening: Secure our containerized workloads across Docker and Kubernetes, ensuring runtime security and image integrity.
Cloud and Infrastructure Defense (30%):
- Cloud Governance: Develop and enforce robust security controls across AWS, Azure, or GCP to prevent misconfigurations and data leaks.
- Threat Modeling: Collaborate with engineering teams early in the SDLC to identify architectural flaws before they become vulnerabilities.
- Access Management: Implement and oversee sophisticated authentication, authorization (IAM), and cryptographic protocols.
Mobile and Incident Leadership (30%):
- Mobile App Security: Leverage your past experience to audit and harden our mobile ecosystem against platform-specific threats.
- Incident Response: Lead the "Front Line" during security events, conducting deep-dive root cause analysis and post-mortem remediations.
- Compliance and Trends: Ensure we stay ahead of industry standards and regulations while keeping the team updated on the latest zero-day exploits and defense tactics.
Requirements:
- Experience Depth: 3-4 years of dedicated experience in Application Security and DevSecOps roles.
- Cloud Proficiency: Hands-on mastery of at least one major cloud provider (AWS/Azure/GCP) and container orchestration (K8s/Docker).
- Tooling Fluency: Expert-level knowledge of automated security scanners and CI/CD platforms.
- Mobile Expertise: Proven track record of securing mobile applications and understanding mobile-specific security frameworks.
- Code Capability: Ability to script in Python or Go to automate security workflows (a significant plus).