DevSecOps Engineer

About the Role:We are looking for a proactive and technically skilled DevSecOps Engineer to integrate and operationalize security across our DevOps pipelines and cloud infrastructure. This role serves as a critical link between our security and engineering teams, embedding robust security practices into every stage of the software development lifecycle (SDLC), CI/CD workflows, and cloud-native deployments.The ideal candidate is passionate about automation, prevention-focused, and experienced in building scalable security controls within fast-paced engineering environments.Key Responsibilities1. Secure DevOps & Control EnforcementMonitor CI/CD pipelines (e.g., AWS Code Pipeline, GitHub Actions) for policy violations, secret exposures, and insecure configurations.Analyze and interpret results from security tools like SAST, DAST, IAST (e.g., SonarQube, Check Marx, OWASP ZAP, Dependency-Check).Perform vulnerability triage on container scan reports and provide remediation guidance (e.g., base image hardening).Conduct Infrastructure-as-Code (IaC) security reviews (Terraform, CloudFormation) to detect misconfigurations pre-deployment.Enforce security guardrails within pipeline configurations (e.g., code signing, mandatory static analysis steps).Monitor logs and security dashboards for anomalies in production and staging environments.Provide real-time support for security events within the CI/CD or cloud infrastructure.2. Security Automation & CollaborationImplement automated security controls across CI/CD pipelines and track vulnerability status using tools like JIRA.Develop scripts and automation for preventive controls and repeatable security checks (e.g., Python, Bash, Groovy).Work closely with development and platform teams to promote secure coding, library hygiene, and secure deployment practices.Participate in threat modeling, design reviews, and secure architecture discussions for new or evolving services.Maintain clear documentation including playbooks, tool configurations, and developer security guidelines.Evaluate and conduct POCs for emerging security tools, integrating effective solutions into the SDLC.Ongoing ContributionsTrack remediation SLAs for high-priority vulnerabilities in deployed applications.Audit CI/CD pipelines for insecure bypasses or outdated security controls.Review source code repository settings (branch protections, token scopes, access control).Facilitate developer training and workshops on secure coding practices.Update and maintain DevSecOps dashboards and metrics in collaboration platforms (e.g., JIRA, Confluence).Contribute to post-incident reviews and drive continuous improvement of security response processes.Qualifications & Experience2–4 years of hands-on experience in DevSecOps, Application Security, or Security Engineering.Strong knowledge of CI/CD pipelines, version control systems, and security toolchains.Practical experience with scripting languages (e.g., Python, Bash) and pipeline configurations (e.g., YAML).Familiarity with cloud-native infrastructure (AWS, Azure, GCP) and associated security controls.Understanding of security frameworks and standards (e.g., OWASP Top 10, SANS CWE 25, NIST, CIS).Experience with container security (Docker, Kubernetes) and vulnerability management.Soft Skills & AttributesDetail-oriented, with a strong focus on proactive security and automation.Able to collaborate effectively across engineering, QA, and operations teams.Strong analytical and problem-solving skills within dynamic DevOps environments.Excellent communication and technical documentation abilities.Self-driven, curious, and eager to stay ahead of evolving security challenges.Why Join Us?Work in a security-first culture with modern tech stacks.Be at the forefront of securing cloud-native applications.Collaborate with passionate professionals across engineering and security.Grow in a role that offers continuous learning and impact.