DevSecOps Engineer

About the Role:

We are seeking an experienced DevSecOps Engineer to integrate security best practices into our DevOps processes. You will be responsible for designing, implementing, and maintaining secure CI/CD pipelines, ensuring application and infrastructure security, and collaborating with development, operations, and security teams to build a robust and compliant environment.

Key Responsibilities:

• Integrate security controls and tools into CI/CD pipelines.
• Perform vulnerability assessments, threat modeling, and remediation.
• Automate security testing (SAST, DAST, SCA, container scanning, etc.).
• Implement infrastructure security best practices in cloud/on-premise environments.
• Ensure compliance with security standards (ISO, SOC2, GDPR, HIPAA, etc.).
• Collaborate with development and operations teams to address security issues.
• Monitor, detect, and respond to security incidents.
• Define and enforce security policies, procedures, and best practices.

Required Skills & Qualifications:

• Strong experience in DevOps, Security, and Cloud platforms (AWS, Azure, or GCP).
• Proficiency in CI/CD tools (Jenkins, GitLab CI, GitHub Actions, Azure DevOps).
• Should have 5+ years of experience in similar role.
• Hands-on with security tools: Snyk, SonarQube, Aqua, Twistlock, Checkmarx, Fortify, OWASP ZAP, etc.
• Strong knowledge of containers & orchestration (Docker, Kubernetes, Helm).
• Experience with Infrastructure as Code (IaC) tools like Terraform, Ansible, or CloudFormation.
• Knowledge of network security, firewalls, IAM, encryption, secrets management.
• Familiarity with monitoring/logging tools (ELK, Prometheus, Grafana, Splunk).
• Scripting experience (Python, Bash, Go, or similar).