Job Overview :

We are seeking a seasoned DevSecOps Engineer with 6 - 8 years of hands-on experience in implementing security best practices across DevOps workflows. The ideal candidate will have deep expertise in ISO 27001:2022, SOC 2 Type II audits, and cloud-native security tools. You will play a critical role in integrating security into CI/CD pipelines, managing identity and access, and driving compliance across infrastructure and applications.

Key Responsibilities :

- Lead and support ISO 27001:2022 and SOC 2 Type II compliance initiatives, representing DevOps and IT in audits and assessments

- Conduct monthly internal audits for User Access Management, ensuring adherence to least privilege principles and security policies

- Manage and integrate authentication mechanisms including Okta, AWS Cognito, OIDC Connect, and OAuth 2.0

- Design and maintain Enterprise Risk Matrices aligned with NIST, ISO, and CIS frameworks

- Develop and implement incident response policies and procedures to enhance organizational security posture

- Oversee security patching within release management cycles to ensure regulatory compliance

- Automate security workflows using AWS Security Hub, Inspector, Patch Manager, and EventBridge

- Build and maintain automated vulnerability mitigation tasks using AWS CodeBuild

- Use Terraform for Infrastructure as Code (IaC) to manage cloud resources securely and efficiently

- Create detailed audit reports with actionable insights to support continuous improvement

- Collaborate with cross-functional teams to translate complex security concepts into practical solutions for technical and non-technical stakeholders

Required Skills & Qualifications :

- 6 to 8 years of experience in DevSecOps, Cloud Security, or IT Compliance

- Strong understanding of ISO 27001, SOC 2, NIST, and CIS frameworks

- Hands-on experience with AWS services, especially security tools

- Proficiency in Terraform, CI/CD pipelines, and DevOps automation

- Experience with identity and access management platforms (Okta, Cognito, etc.)

- Excellent communication and documentation skills

- Ability to work independently and lead security initiatives across teams

Preferred Qualifications :

- AWS Security Specialty

- Certified DevSecOps Professional

- Experience with container security, Kubernetes, or SAST/DAST tools

- Familiarity with SIEM platforms and security orchestration