DevSecOps Engineer

Overview

We are seeking a DevSecOps Specialist to strengthen our security posture across the software development lifecycle. This role integrates security best practices into CI/CD pipelines, cloud infrastructure, and application delivery, ensuring products are secure, compliant, and resilient from design through deployment.

Key Responsibilities

• Embed security controls into CI/CD pipelines (SAST, SCA, DAST, secrets scanning).
• Automate security testing and policy enforcement across build and release processes.
• Work closely with DevOps, Cloud, and Engineering teams to implement secure design principles.
• Manage and monitor cloud security configurations (Azure, AWS, or GCP).
• Implement and maintain vulnerability management, patching, and remediation workflows.
• Develop Infrastructure‑as‑Code (IaC) security guardrails (Terraform, ARM/Bicep, CloudFormation).
• Support incident response, threat modeling, and risk assessments.

Required Skills & Experience

• Strong background in DevOps automation (GitHub Actions, GitLab, Jenkins, Azure DevOps).
• Experience with security tools such as SonarQube, Checkmarx, Snyk, Burp Suite, OWASP ZAP, or Prisma Cloud.
• Hands‑on knowledge of container security (Kubernetes, Docker, image scanning).
• Understanding of OWASP Top 10, cloud security best practices, and secure coding standards.
• Proficiency with scripting (Python, Bash, PowerShell).

Nice to Have

• Certifications: AZ‑500, GIAC, CEH, Security , CKS.
• Experience with SIEM/SOAR tools.

Ideal For

Candidates who enjoy combining engineering, automation, and cybersecurity to build secure, scalable, cloud‑native systems.