Aziro - Senior Security Engineer - DevSecOps

Description :

Role : Senior Security Engineer

Experience : 5- 10 yrs

Location : Bengaluru

Key Responsibilities :

Vulnerability Management :

- Perform vulnerability scanning and analysis using tools such as SonarQube, Aqua Security, and Terraform Sentinel.

- Integrate vulnerability scanning into the CI/CD pipeline to identify and remediate security issues early in the development lifecycle.

- Collaborate with development and operations teams to drive secure coding practices and enforce compliance with security standards.

Security Information and Event Management (SIEM) :

- Configure, manage, and optimize SIEM solutions for real-time threat detection, log management, and compliance reporting.

- Develop advanced analytics, dashboards, and alerting mechanisms to proactively detect and mitigate security incidents.

- Work with tools such as Splunk Enterprise Security, Log360, Datadog HQ, or Securonix to strengthen incident response processes.

Monitoring and Alerting :

- Deploy and manage monitoring solutions like Prometheus and Grafana to ensure system reliability, uptime, and performance.

- Implement automated alerting mechanisms to quickly identify abnormal patterns or suspicious activity.

Automation and Scripting :

- Write scripts in Python, Bash, or Shell to automate repetitive tasks, enhance monitoring, and streamline security checks.

- Basic understanding of Java to support secure application development and integration with security tools.

Collaboration and Governance :

- Partner with DevOps, Cloud, and Development teams to embed security controls across the SDLC.

- Enforce compliance policies and ensure adherence to internal and external security standards.

- Participate in security reviews, audits, and risk assessments to improve overall security posture.

Key Skills & Competencies :

- Hands-on experience in DevSecOps security tools (SonarQube, Aqua Security, Terraform Sentinel).

- Strong knowledge of SIEM platforms (Splunk Enterprise Security, Log360, Datadog HQ, Securonix).

- Expertise in real-time threat detection, incident response, and compliance monitoring.

- Proficiency in Prometheus and Grafana for monitoring and alerting.

- Ability to script in Python, Bash, Shell, with basic knowledge of Java.

- Strong analytical mindset with the ability to create advanced dashboards and security analytics.

- Excellent problem-solving skills and the ability to work under pressure in high-stakes environments.

- Good communication and collaboration skills to engage with cross-functional teams.

Preferred Qualifications :

- 47 years of experience in DevSecOps / Security Engineering / Cloud Security roles.

- Certifications such as CISSP, CISM, CEH, OSCP, or Splunk Certified Admin are an added advantage.

- Experience with cloud platforms (AWS, Azure, GCP) and securing containerized environments (Kubernetes, Docker).