DevSecOps Engineer

About the Role:

We are looking for a proactive and technically skilled DevSecOps Engineer to integrate and operationalize security across our DevOps pipelines and cloud infrastructure. This role serves as a critical link between our security and engineering teams, embedding robust security practices into every stage of the software development lifecycle (SDLC), CI/CD workflows, and cloud-native deployments.

The ideal candidate is passionate about automation, prevention-focused, and experienced in building scalable security controls within fast-paced engineering environments.

Key Responsibilities

1. Secure DevOps & Control Enforcement

• Monitor CI/CD pipelines (e.g., AWS Code Pipeline, GitHub Actions) for policy violations, secret exposures, and insecure configurations.
• Analyze and interpret results from security tools like SAST, DAST, IAST (e.g., SonarQube, Check Marx, OWASP ZAP, Dependency-Check).
• Perform vulnerability triage on container scan reports and provide remediation guidance (e.g., base image hardening).
• Conduct Infrastructure-as-Code (IaC) security reviews (Terraform, CloudFormation) to detect misconfigurations pre-deployment.
• Enforce security guardrails within pipeline configurations (e.g., code signing, mandatory static analysis steps).
• Monitor logs and security dashboards for anomalies in production and staging environments.
• Provide real-time support for security events within the CI/CD or cloud infrastructure.

2. Security Automation & Collaboration

• Implement automated security controls across CI/CD pipelines and track vulnerability status using tools like JIRA.
• Develop scripts and automation for preventive controls and repeatable security checks (e.g., Python, Bash, Groovy).
• Work closely with development and platform teams to promote secure coding, library hygiene, and secure deployment practices.
• Participate in threat modeling, design reviews, and secure architecture discussions for new or evolving services.
• Maintain clear documentation including playbooks, tool configurations, and developer security guidelines.
• Evaluate and conduct POCs for emerging security tools, integrating effective solutions into the SDLC.

Ongoing Contributions

• Track remediation SLAs for high-priority vulnerabilities in deployed applications.
• Audit CI/CD pipelines for insecure bypasses or outdated security controls.
• Review source code repository settings (branch protections, token scopes, access control).
• Facilitate developer training and workshops on secure coding practices.
• Update and maintain DevSecOps dashboards and metrics in collaboration platforms (e.g., JIRA, Confluence).
• Contribute to post-incident reviews and drive continuous improvement of security response processes.

Qualifications & Experience

• 2–4 years of hands-on experience in DevSecOps, Application Security, or Security Engineering.
• Strong knowledge of CI/CD pipelines, version control systems, and security toolchains.
• Practical experience with scripting languages (e.g., Python, Bash) and pipeline configurations (e.g., YAML).
• Familiarity with cloud-native infrastructure (AWS, Azure, GCP) and associated security controls.
• Understanding of security frameworks and standards (e.g., OWASP Top 10, SANS CWE 25, NIST, CIS).
• Experience with container security (Docker, Kubernetes) and vulnerability management.

Soft Skills & Attributes

• Detail-oriented, with a strong focus on proactive security and automation.
• Able to collaborate effectively across engineering, QA, and operations teams.
• Strong analytical and problem-solving skills within dynamic DevOps environments.
• Excellent communication and technical documentation abilities.
• Self-driven, curious, and eager to stay ahead of evolving security challenges.

Why Join Us?

• Work in a security-first culture with modern tech stacks.
• Be at the forefront of securing cloud-native applications.
• Collaborate with passionate professionals across engineering and security.
• Grow in a role that offers continuous learning and impact.