
DevSecOps Engineer | Scrabble & Jigsaw

Posted on December 22, 2025

Job Description

<p><b>DevSecOps Engineer Job Description</b></p>
<p>We're looking for an experienced <b>DevSecOps Engineer</b> with <b>5-6 years of experience</b> to join our team. In this role, you'll be instrumental in integrating security best practices throughout our entire software development lifecycle (SDLC). You'll bridge the gap between development, security, and operations, ensuring our applications and infrastructure are secure from the get-go.</p>
<p><b>Responsibilities</b></p>
<ul>
<li><b>Design and Implement Security Automation:</b> Architect and deploy automated security tools within our CI/CD pipelines to perform static application security testing (SAST), dynamic application security testing (DAST), and container security scanning.</li>
<li><b>Secure Cloud Infrastructure:</b> Work with cloud services (AWS, Azure, GCP) to ensure our infrastructure is configured securely, adhering to best practices like the principle of least privilege and network segmentation.</li>
<li><b>Threat Modeling and Risk Assessment:</b> Conduct regular threat modeling exercises to identify potential security vulnerabilities and work with development teams to mitigate risks.</li>
<li><b>Incident Response and Monitoring:</b> Develop and maintain security monitoring and alerting systems to detect and respond to security incidents.</li>
<li><b>Security Policy and Compliance:</b> Define and enforce security policies, standards, and procedures to ensure compliance with industry regulations and internal requirements.</li>
<li><b>Collaboration and Training:</b> Collaborate with development, QA, and operations teams to embed security culture. Provide training and guidance on secure coding practices and security tools.</li>
<li><b>Customer Security Assessments:</b> Support responses to customer information security questionnaires, ensuring accurate representation of our security controls and practices.</li>
<li><b>SOC 2 and Compliance Programs:</b> Lead or assist in maintaining the company's SOC 2 certification and other compliance programs, including gathering evidence, coordinating with auditors, and driving continuous improvement of controls.</li>
</ul>
<p><b>Required Skills and Qualifications</b></p>
<ul>
<li><b>Experience:</b> 5-6 years of professional experience in a DevSecOps, DevOps, or a security-focused role.</li>
<li><b>CI/CD Tools:</b> Proficient with CI/CD tools like <b>Jenkins, GitLab CI, or CircleCI</b>.</li>
<li><b>Scripting:</b> Strong scripting skills in languages such as <b>Python, Bash, or PowerShell</b> for automation.</li>
<li><b>Cloud Platforms:</b> Hands-on experience with at least one major cloud provider (<b>AWS, Azure, or GCP</b>) and familiarity with infrastructure as code tools like <b>Terraform, Pulumi or CloudFormation</b>.</li>
<li><b>Security Tools:</b> Expertise with security tools for <b>SAST (e.g., SonarQube, Fortify), DAST (e.g., Burp Suite, OWASP ZAP), and container security (e.g., Clair, Trivy)</b>.</li>
<li><b>Containerization and Orchestration:</b> Experience with <b>Docker and Kubernetes</b>.</li>
<li><b>Soft Skills:</b> Excellent problem-solving, communication, and collaboration skills.</li>
</ul>
<p><b>Preferred Qualifications</b></p>
<ul>
<li>Relevant certifications such as <b>CISSP, SANS GIAC, or AWS/Azure Security Specialist</b>.</li>
<li>Experience with a security information and event management (<b>SIEM</b>) system like Splunk or ELK Stack.</li>
<li>Familiarity with compliance frameworks like <b>PCI DSS, HIPAA, or SOC 2</b>.</li>
</ul>