DevSecops Engineer

Job Title: DevSecops Engineer Location: Delhi Work from Client Site No. Of Positions- 2 Experience Required: 1 position: 3-5 Years 10-12 LPA 1 position: 5-7 years - 18-20 LPA Team Size & Reporting- NA Designation: DevSecops Engineer/ Sr. DevSecops Engineer Job Overview The DevSecOps Engineer will be pivotal in embedding security into the DevOps pipeline, working closely with development, operations, and security teams. This role involves fostering a culture of security awareness and implementing DevSecOps best practices to ensure secure, efficient, and scalable deployments. By setting up and managing a suite of on-premises DevSecOps tools, the engineer will play a key role in enhancing the organization’s security posture and supporting the overall goals of reliability, speed, and resilience in software delivery. Key Responsibilities Collaboration and Advocacy: Partner with development, operations, and security teams to promote security awareness and DevSecOps principles. CI/CD Pipeline Development: Build and maintain secure CI/CD pipelines using Jenkins, GitLab, and SonarQube, automating all stages of the software development lifecycle. Infrastructure as Code (IaC): Implement and manage configuration with Ansible and cloud infrastructure provisioning with Terraform to create scalable, repeatable environments. Container Orchestration: Utilize Kubernetes to manage and scale applications in production, ensuring efficient deployment of containerized workloads. Vulnerability Management: Configure and manage security scanning tools like Clair, Trivy, OWASP Dependency Check, and OWASP ZAP to detect and address vulnerabilities early in the development lifecycle. Secrets Management: Secure sensitive data using tools such as GitSecrets and TruffleHog to avoid accidental exposure of credentials within code repositories Security Monitoring and Compliance: Integrate SonarQube for continuous code quality checks and ensure security compliance with industry standards. Security Workflow Automation: Develop scripts and automation processes to integrate security tools within DevOps workflows, improving the security stance without affecting deployment speed. Microservices Management: Oversee multiple repositories hosting Python-based microservices, deploying them on Kubernetes while ensuring high standards of performance and maintainability. Database and Artifact Management: Implement and secure Apache Kafka clusters, manage Redis databases, and integrate Sonatype Nexus for artifact repository management. Security Testing: Conduct security assessments and vulnerability testing using Burp Suite, helping to identify and mitigate security risks in applications. Job Description- DevSecops Engineer EPPS Internal Qualifications Education & Experience Bachelor’s degree in Engineering, Computer Science, or a related field. Minimum of 3+ years of experience in DevOps with strong focus on Kubernetes and Docker. Hands-on experience with DevOps tools, Helm, Kubernetes, and container orchestration. Skills & Competencies Technical Skills (Mandatory) o Kubernetes,Helm,Ansible,Zot,Git Hub,SonarQube,OWASAP,Clair,Trivy Strong understanding of Linux atleast 3+ yrs Secure CI/CD pipeline development with Jenkins, GitLab, and SonarQube 2+ Yrs Proficiency in Ansible (IaC) 2+ yrs Kubernetes for container orchestration3+ Familiarity with vulnerability scanning tools (Clair, Trivy, OWASP Dependency Check).2+ Yrs Secrets management tools like GitSecrets and TruffleHog 2+ Yrs Continuous code quality and compliance monitoring using SonarQube 2+ yrs Automation skills for integrating security tools into DevOps workflows 3+ yrs Experience with Apache Kafka and Redis for secure configuration and performance optimization 1+ yrs Artifact repository management using Sonatype Nexus 2+ yrs o Added Advantage o Offline setup Soft Skills (Mandatory) Strong team player with excellent communication skills. Ability to work collaboratively in cross-functional teams, bridging gaps between departments. LEVEL OF EXPERTISE DevOps - 3 years (Must Have) Kubernetes - 3 years (Must Have) Linux - 3 years (Must Have) Devsecops - 3 years (Nice to Have) Apache-Kafka - 1 year (Nice to Have) GIT - 2 years (Nice to Have) Ansible - 2 years (Nice to Have)