
DevSecOps Engineer | Scrabble

full-time
Posted on January 13, 2026

Job Description

DevSecOps Eng

Job Summary

We are seeking an experienced DevSecOps Engineer with 5-6 years of experience to join our team. In this role, you will be instrumental in integrating security best practices throughout our entire software development lifecycle (SDLC). You will bridge the gap between development, security, and operations, ensuring that our applications and infrastructure are secure from the outset.

Responsibilities

  • Design and Implement Security Automation: Architect and deploy automated security tools within our CI/CD pipelines to perform static application security testing (SAST), dynamic application security testing (DAST), and container security scanning.
  • Secure Cloud Infrastructure: Work with cloud services (AWS, Azure, GCP) to ensure our infrastructure is configured securely, adhering to best practices like the principle of least privilege and network segmentation.
  • Threat Modeling and Risk Assessment: Conduct regular threat modeling exercises to identify potential security vulnerabilities and collaborate with development teams to mitigate risks.
  • Incident Response and Monitoring: Develop and maintain security monitoring and alerting systems to detect and respond to security incidents.
  • Security Policy and Compliance: Define and enforce security policies, standards, and procedures to ensure compliance with industry regulations and internal requirements.
  • Collaboration and Training: Collaborate with development, QA, and operations teams to embed a security culture. Provide training and guidance on secure coding practices and security tools.
  • Customer Security Assessments: Support responses to customer information security questionnaires, ensuring accurate representation of our security controls and practices.
  • SOC 2 and Compliance Programs: Lead or assist in maintaining the company’s SOC 2 certification and other compliance programs, including gathering evidence, coordinating with auditors, and driving continuous improvement of controls.

Qualifications

  • Experience: 5-6 years of professional experience in a DevSecOps, DevOps, or security-focused role.
  • CI/CD Tools: Proficient with CI/CD tools such as Jenkins, GitLab CI, or CircleCI.
  • Scripting: Strong scripting skills in languages such as Python, Bash, or PowerShell for automation.
  • Cloud Platforms: Hands-on experience with at least one major cloud provider (AWS, Azure, or GCP) and familiarity with infrastructure as code tools like Terraform, Pulumi, or CloudFormation.
  • Security Tools: Expertise with security tools for SAST (e.g., SonarQube, Fortify), DAST (e.g., Burp Suite, OWASP ZAP), and container security (e.g., Clair, Trivy).
  • Containerization and Orchestration: Experience with Docker and Kubernetes.
  • Soft Skills: Excellent problem-solving, communication, and collaboration skills.

Preferred Skills

  • Relevant certifications such as CISSP, SANS GIAC, or AWS/Azure Security Specialist.
  • Experience with a security information and event management (SIEM) system like Splunk or ELK Stack.
  • Familiarity with compliance frameworks like PCI DSS, HIPAA, or SOC 2.

Experience

5-6 years of professional experience in a DevSecOps, DevOps, or security-focused role
