hirist

Job Description

A DevSecOps Engineer integrates security into every phase of the Software Development Lifecycle (SDLC), from planning to deployment, by automating security processes and fostering a collaborative culture between Development, Security, and Operations teams. Their responsibilities include implementing automated security scans, defining security policies, performing threat modeling, ensuring compliance, and monitoring infrastructure to minimize vulnerabilities and risks early in the process.

We are seeking a DevSecOps Engineer (4-5 years of experience) who can ensure that security is embedded into our DevOps practices, delivering secure, scalable, and efficient solutions across applications and infrastructure.

Key Responsibilities :

- Security Integration : Embed security measures into the software development pipeline, ensuring it's a shared responsibility rather than an afterthought.

- Automation : Automate security tasks like code scanning, testing, and security policy enforcement to improve efficiency and speed.

- Collaboration : Bridge communication and collaboration between development, security, and operations teams to ensure security is built in from the start.

- Vulnerability Management : Identify and mitigate security vulnerabilities by performing threat modeling, risk assessments, and continuous monitoring.

- Compliance : Ensure software and infrastructure adhere to relevant security standards and regulations (ISO, SOC2, GDPR, etc.).

- Tooling : Utilize and build custom tools for security testing, CI/CD integration, dependency management, and monitoring.

Core Principles :

- Shift-Left Security : Integrate security earlier in the development lifecycle to address issues before they become costly problems.

- Continuous Improvement : Continuously monitor and refine security processes to strengthen overall security posture.

- Shared Responsibility : Promote a culture where all team members understand and contribute to security.

Required Skills & Knowledge :

- Strong understanding of security principles and threat modeling.

- Hands-on experience with automation tools and CI/CD pipelines (Jenkins, GitLab CI, GitHub Actions, etc.).

- Proficiency in cloud-native platforms (AWS, Azure, or GCP) with a focus on cloud security.

- Expertise in programming and secure coding practices (Python, Bash, Shell scripting).

- Knowledge of containers and orchestration (Docker, Kubernetes, OpenShift).

- Experience with risk management and compliance frameworks.

- Familiarity with DevSecOps security tools such as Snyk, SonarQube, OWASP ZAP, Prisma Cloud, Aqua, or Twistlock.

- Strong problem-solving, collaboration, and communication skills.

Preferred Qualifications :


- Certifications such as AWS Certified Security Specialty, CKA, CEH, OSCP, or DevSecOps-related credentials.

- Knowledge of Zero Trust architecture, SIEM, or SOAR solutions.

- Experience in securing APIs, microservices, and serverless applications.
