DevSecOps Engineer - Cloud Infrastructure Security

Experience Level : 4+ Years

Job Summary :

We are seeking an experienced DevSecOps Engineer with a strong background in integrating security into the DevOps lifecycle.

The candidate will be responsible for automating security practices, implementing CI/CD security controls, and ensuring secure infrastructure deployment across cloud and on-prem environments.

Key Responsibilities :

- Implement and maintain CI/CD pipelines with integrated security checks and automation.

- Conduct vulnerability assessment, threat modeling, and risk analysis across development and production environments.

- Integrate SAST, DAST, and dependency scanning tools into the build and release pipelines.

- Collaborate with development, operations, and security teams to define and enforce secure coding and deployment standards.

- Manage and maintain cloud infrastructure security (AWS/Azure/GCP), ensuring compliance with organizational and regulatory standards.

- Automate configuration management and policy enforcement using Terraform, Ansible, or similar tools.

- Monitor and respond to security alerts, incidents, and audit findings.

- Implement container security practices for Docker and Kubernetes environments.

- Stay updated with the latest security threats, tools, and industry trends to recommend and implement improvements.

Technical Skills & Tools :

- DevOps Tools: Jenkins, GitLab CI/CD, Azure DevOps, GitHub Actions

- Security Tools: SonarQube, Checkmarx, OWASP ZAP, Trivy, Snyk, Aqua Security

- Infrastructure as Code (IaC): Terraform, CloudFormation, Ansible

- Cloud Platforms: AWS / Azure / GCP

- Containerization: Docker, Kubernetes, Helm

- Scripting: Python, Bash, PowerShell

- Monitoring & Logging: ELK Stack, Prometheus, Grafana, Splunk

- Version Control: Git

Qualifications :

- Bachelor's degree in Computer Science, Information Security, or related field.

- Minimum 4 years of experience in DevOps or DevSecOps roles.

- Strong understanding of application security, cloud security, and automation frameworks.

- Experience implementing security controls in CI/CD pipelines.

- Familiarity with compliance frameworks (ISO 27001, NIST, SOC2, etc.) is a plus.

- Excellent problem-solving, analytical, and communication skills.

Preferred Certifications (Optional) :

- Certified DevSecOps Professional (CDP)

- AWS Certified Security - Specialty / Azure Security Engineer Associate

- Certified Kubernetes Security Specialist (CKS)

- CompTIA Security+ / CEH