Devsecops Engineer

Job Overview

• We are looking for a DevOps Engineer with a minimum 7 years of experience in

building, managing, and automating DevOps pipelines and deployments on self-

managed infrastructure.

• This role demands hands-on experience with at least 2 tools from the following stack:
• Jenkins / CloudBees - Mandatory
• Docker
• JFrog Artifactory - Mandatory
• SonarQube
• GitHub Enterprise
• The candidate should be comfortable working in Linux environments, automating tasks with scripts, and configuring the DevSecOps ecosystem at an infrastructure and pipeline level.
• Key Responsibilities & Expected Configuration Knowledge
• Jenkins / CloudBees Jenkins:
• Design and write Jenkins file for pipeline-as-code (declarative or scripted)
• Create multi-branch pipelines
• Configure build triggers (SCM/webhook/cron), post-build actions, and shared libraries
• Install and configure Jenkins plugins (e.g., Git, SonarQube Scanner, Artifactory)
• Set up Jenkins agents (static or dynamic)
• Store build artifacts and test results
• Monitor and troubleshoot builds via console output and logs
• Docker:
• Write and maintain Dockerfiles for application packaging
• Use docker-compose for local testing environments
• Build and tag images via Jenkins pipeline
• Push/pull images to/from JFrog Artifactory Docker registry
• Implement security best practices: base image validation, multi-stage builds, image cleanup automation
• SonarQube:
• Configure SonarQube for Java/Maven (or .NET) projects
• Generate and analyze reports on code smells, vulnerabilities, bugs
• Enforce quality gates in Jenkins using sonarScanner CLI or plugin
• Set up project-level and global rulesets
• Manage access control and authentication
• JFrog Artifactory:
• Set up and manage local repositories for Maven, Docker, and npm
• Configure virtual repositories for aggregation
• Implement artifact retention policies
• Automate artifact uploads from Jenkins using Artifactory plugin, REST API, or CLI
• Set user/group/permission targets for access control
• GitHub Enterprise:
• Manage repositories, create branches, handle pull requests
• Configure branch protection rules and merge checks
• Implement webhook triggers to integrate with Jenkins
• Resolve merge conflicts and apply GitFlow or trunk-based workflows
• Linux & Scripting:
• Navigate and manage Linux file systems
• Write Bash, Python, or PowerShell scripts for automation
• Configure log rotation and cleanup for Jenkins, SonarQube, Artifactory
• Set up reverse proxies (Nginx/Apache) if needed

• Review and troubleshoot logs in /var/log, /opt/Jenkins, or containers

• Integrate security scans (SAST, DAST, dependency scans) into CI/CD pipelines.

• Automate vulnerability detection and remediation using tools like SonarQube, Snyk,

Checkmarx, and JFrog Xray.

1. Secure code, containers, and cloud infrastructure with regular audits.

2. Manage secrets and credentials using Vault or cloud key management services.

3. Implement RBAC and least privilege access across DevOps tools.

4. Ensure secure configuration and patching of servers, containers, and environments.

5. Monitor pipelines and deployments for security incidents and compliance issues.

6. Use trusted repositories and signed artifacts to prevent supply chain risks.

7. Collaborate with development and operations teams to fix vulnerabilities early.

8. Promote a security-first culture and continuous improvement in

DevOps practices.

• Tools & Technologies (Hands-on Expectation):
• CI/CD: Jenkins (CloudBees), GitHub Webhooks

SCM: GitHub Enterprise

Containers: Docker, Docker Compose

Quality: SonarQube

Artifacts: JFrog Artifactory (Maven + Docker)

Scripting: Bash, Python, PowerShell

OS: Linux (Ubuntu/CentOS), Windows (for .NET if applicable)

Build Tools: Maven, Gradle, dotnet CLI

• Minimum Requirements:
• 7+ years total experience
• 4+ years hands-on with the following: Jenkins, Docker, SonarQube, JFrog Artifactory,

GitHub Enterprise

• Clear understanding of DevSecOps workflows, not just tool usage
• Must be able to explain what they have configured and automated in each tool
• Preferred Skills (Nice to Have):
• Exposure to infrastructure-as-code tools (e.g., Ansible, Terraform)
• Awareness of DevSecOps practices
• Experience with monitoring tools (Grafana, Prometheus, Nagios)
• Experience integrating .NET Core apps (IIS or Kestrel hosting)
• Code-level security