Gleecus TechLabs

Job Title : DevSecOps Engineer.

Location : Chennai.

Responsibilities :

- Collaborate with development, operations, and security teams to integrate security best practices and tools into the software development life cycle.

- Shift Left Approach to security within the pipelines, to scan and update IaC code for relevant Benchmark/frameworks and industry best Practices.

- Design, implement, and maintain security automation and monitoring tools to identify and remediate security vulnerabilities in applications and infrastructure.

- Perform regular security assessments, penetration testing, and vulnerability scanning to proactively identify and address potential security risks.

- Develop and maintain security policies, guidelines, and procedures to ensure consistent and secure development practices across the organisation.

- Monitor and analyse security incidents to improve security measures and prevent future incidents.

- Assist in incident response and remediation efforts, providing expertise in security incident management and root cause analysis.

- Ensure compliance with industry regulations and standards, such as GDPR, HIPAA, PCI DSS, or other relevant frameworks.

- Educate and train development and operations teams on secure coding practices, security tooling, and the latest security trends and threats.

- Continuously evaluate and recommend new security technologies and best practices to improve the organisations overall security posture.

Requirements:.

- Bachelor's degree in computer science, information security, or a related field, or equivalent experience.

- Strong understanding of secure software development practices, such as OWASP Top Ten, secure coding principles, and threat modeling.

- Familiarity with security technologies and tools, including vulnerability scanners, intrusion detection systems, firewalls, and encryption technologies.

- Terraform IaC.

- Proficiency in one or more programming or scripting languages (e. , Python, Ruby, JavaScript, Go).

- Experience with CI/CD pipelines, automation tools, and containerization technologies

- Knowledge of cloud platforms (e., AWS, Azure, GCP) and their respective security services, best practices, and compliance requirements.

- Strong analytical, problem-solving, and communication skills.

- Relevant industry certifications, such as CISSP, CEH, or CompTIA Security+, are a plus.