D-TechWorks - DevSecOps Engineer

Description :

Job Description : DevSecOps (Security test lead) Engineer

Experience Level : 5-8 Years

Location : Bangalore, Rohan Tech Park /Mumbai, Mahape

Notice : Immediate to 15 days

Tech stack and Mandatory Skills :

Application Security : Strong expertise in SAST (Static Application Security Testing) & SCA (Software Composition Analysis) tools

Tool Proficiency : Hands-on with Snyk, SonarQube, Checkmarx, Fortify (or equivalent)

False Positive Management : Proven ability to identify, triage, and eliminate false positives

Secure SDLC / CI/CD : Deep understanding of Secure Software Development Lifecycle and CI/CD environments

Web & API Security : Solid knowledge of OWASP Top 10, secure coding standards, and API security concepts

DevOps Tools : Jenkins, GitLab, Azure DevOps

Collaboration & Training : Excellent communication and ability to influence teams

Experience : 5-8 years in Application Security or DevSecOps domain

Role Summary :

We are seeking a skilled DevSecOps Engineer with strong expertise in Application Security, SAST, and SCA tools. The ideal candidate will collaborate closely with development and DevOps teams to integrate security seamlessly into the CI/CD pipeline, identify and eliminate false positives, and drive vulnerability remediation across multiple business applications. Hands-on experience in Snyk or equivalent platforms will be a significant advantage.

Key Responsibilities :

- Implement and maintain SAST and SCA tools within the CI/CD pipeline for continuous code scanning.

- Analyze scan results, validate and triage false positives, and ensure accuracy of reported vulnerabilities.

- Collaborate with development teams to guide and support remediation of security vulnerabilities.

- Work with DevOps teams to automate security checks and streamline secure build and deployment processes.

- Perform tool integrations (Snyk, SonarQube, Checkmarx, or similar) to improve visibility of the organizations security posture.

- Provide technical guidance and training to developers on secure coding practices.

- Participate in threat modeling, secure design discussions, and application architecture reviews.

- Prepare and maintain documentation for processes, standards, and tool usage.

Required Skills & Experience :

- 5-8 years of experience in Application Security or DevSecOps domain.

- Strong understanding of SAST and SCA tools (e.g., Checkmarx, Fortify, SonarQube, Snyk, or similar).

- Proven ability to identify, analyze, and manage false positives effectively.

- Good understanding of Secure SDLC and CI/CD environments.

- Solid knowledge of web and API security concepts, OWASP Top 10, and secure coding standards.

- Hands-on experience with DevOps tools such as Jenkins, GitLab, or Azure DevOps.

- Excellent communication and collaboration skills to influence security adoption across teams.

Preferred / Nice to Have :

- Experience using Snyk for open-source dependency management.

- Exposure to container security, IaC scanning, or cloud-native security controls.

- Security certifications such as CEH, OSCP, or CSSLP.