Devsecops Engineer

Job Title

Job Summary

We are seeking a DevSecOps Engineer to embed security throughout the software development lifecycle. You will work closely with development, operations, and security teams to automate security controls, strengthen CI/CD pipelines, and ensure scalable, compliant, and resilient systems in cloud and hybrid environments.

Key Responsibilities

Integrate security practices into CI/CD pipelines (shift-left security)

Design, implement, and maintain secure cloud infrastructure (AWS, Azure, GCP)

Automate security testing (SAST, DAST, SCA, IaC scanning, container scanning)

Manage secrets, keys, and certificates securely (Vault, KMS, Secrets Manager)

Implement and monitor security controls for containers and Kubernetes

Perform threat modeling, risk assessments, and security architecture reviews

Respond to and investigate security incidents and vulnerabilities

Ensure compliance with standards (ISO 27001, SOC 2, PCI-DSS, HIPAA, etc.)

Collaborate with developers to improve secure coding practices

Maintain logging, monitoring, and alerting for security events

Required Skills & Qualifications

Strong experience with CI/CD tools (GitHub Actions, GitLab CI, Jenkins, Azure DevOps)

Proficiency in cloud platforms (AWS, Azure, or GCP)

Infrastructure as Code (Terraform, CloudFormation, ARM)

Containerization and orchestration (Docker, Kubernetes)

Security tools: SAST/DAST, dependency scanning, container security tools

Scripting/programming (Python, Bash, Go, or similar)

Solid understanding of networking, IAM, and security fundamentals

Experience with Linux systems

Preferred / Nice-to-Have

Experience with Zero Trust architecture

Knowledge of OWASP Top 10 and secure coding standards

Familiarity with SIEM/SOAR tools

Security certifications (e.g., CISSP, CISM, CCSP, AWS Security Specialty)

Experience in regulated environments