DevSecOps Engineer

Role & Responsibilities We are hiring a Senior DevSecOps / Security Engineer with 8+ years of experience securing AWS cloud, on-prem infrastructure, DevOps platforms, MLOps environments, CI/CD pipelines, container orchestration, and data/ML platforms. This role is responsible for creating and maintaining a unified security posture across all systems used by DevOps and MLOps teams - including AWS, Kubernetes, EMR, MWAA, Spark, Docker, GitOps, observability tools, and network infrastructure. Key Responsibilities: 1. Cloud Security (AWS)- Secure all AWS resources consumed by DevOps/MLOps/Data Science: EC2, EKS, ECS, EMR, MWAA, S3, RDS, Redshift, Lambda, CloudFront, Glue, Athena, Kinesis, Transit Gateway, VPC Peering. Implement IAM least privilege, SCPs, KMS, Secrets Manager, SSO & identity governance. Configure AWS-native security: WAF, Shield, GuardDuty, Inspector, Macie, CloudTrail, Config, Security Hub. Harden VPC architecture, subnets, routing, SG/NACLs, multi-account environments. Ensure encryption of data at rest/in transit across all cloud services. 2. DevOps Security (IaC, CI/CD, Kubernetes, Linux)- Infrastructure as Code & Automation Security: Secure Terraform, CloudFormation, Ansible with policy-as-code (OPA, Checkov, tfsec). Enforce misconfiguration scanning and automated remediation. CI/CD Security: Secure Jenkins, GitHub, GitLab pipelines with SAST, DAST, SCA, secrets scanning, image scanning. Implement secure build, artifact signing, and deployment workflows. Containers & Kubernetes: Harden Docker images, private registries, runtime policies. Enforce EKS security: RBAC, IRSA, PSP/PSS, network policies, runtime monitoring. Apply CIS Benchmarks for Kubernetes and Linux. Monitoring & Reliability: Secure observability stack: Grafana, CloudWatch, logging, alerting, anomaly detection. Ensure audit logging across cloud/platform layers. 3. MLOps Security (Airflow, EMR, Spark, Data Platforms, ML Pipelines)- Pipeline & Workflow Security: Secure Airflow/MWAA connections, secrets, DAGs, execution environments. Harden EMR, Spark jobs, Glue jobs, IAM roles, S3 buckets, encryption, and access policies. ML Platform Security: Secure Jupyter/JupyterHub environments, containerized ML workspaces, and experiment tracking systems. Control model access, artifact protection, model registry security, and ML metadata integrity. Data Security: Secure ETL/ML data flows across S3, Redshift, RDS, Glue, Kinesis. Enforce data versioning security, lineage tracking, PII protection, and access governance. ML Observability: Implement drift detection (data drift/model drift), feature monitoring, audit logging. Integrate ML monitoring with Grafana/Prometheus/CloudWatch. 4. Network & Endpoint Security- Manage firewall policies, VPN, IDS/IPS, endpoint protection, secure LAN/WAN, Zero Trust principles. Conduct vulnerability assessments, penetration test coordination, and network segmentation. Secure remote workforce connectivity and internal office networks. 5. Threat Detection, Incident Response & Compliance- Centralize log management (CloudWatch, OpenSearch/ELK, SIEM). Build security alerts, automated threat detection, and incident workflows. Lead incident containment, forensics, RCA, and remediation. Ensure compliance with ISO 27001, SOC 2, GDPR, HIPAA (as applicable). Maintain security policies, procedures, RRPs (Runbooks), and audits. Ideal Candidate 8+ years in DevSecOps, Cloud Security, Platform Security, or equivalent. Proven ability securing AWS cloud ecosystems (IAM, EKS, EMR, MWAA, VPC, WAF, GuardDuty, KMS, Inspector, Macie). Strong hands-on experience with Docker, Kubernetes (EKS), CI/CD tools, and Infrastructure-as-Code. Experience securing ML platforms, data pipelines, and MLOps systems (Airflow/MWAA, Spark/EMR). Strong Linux security (CIS hardening, auditing, intrusion detection). Proficiency in Python, Bash, and automation/scripting. Excellent knowledge of SIEM, observability, threat detection, monitoring systems. Understanding of microservices, API security, serverless security. Strong understanding of vulnerability management, penetration testing practices, and remediation plans. Education- Master's degree in Cybersecurity, Computer Science, Information Technology, or related field. Relevant certifications (AWS Security Specialty, CISSP, CEH, CKA/CKS) are a plus. Perks, Benefits and Work Culture Competitive Salary Package Generous Leave Policy Flexible Working Hours Performance-Based Bonuses Health Care Benefits