DevSecOps Engineer | Scrabble
DevSecOps Engineer Job Description
We're looking for an experienced DevSecOps Engineer with 5-6 years of experience to join
our team. In this role, you'll be instrumental in integrating security best practices throughout our
entire software development lifecycle (SDLC). You'll bridge the gap between development,
security, and operations, ensuring our applications and infrastructure are secure from the
get-go.
Responsibilities
● Design and Implement Security Automation: Architect and deploy automated security tools within our CI/CD pipelines to perform static application security testing (SAST), dynamic application security testing (DAST), and container security scanning.
● Secure Cloud Infrastructure: Work with cloud services (AWS, Azure, GCP) to ensure our infrastructure is configured securely, adhering to best practices like the principle of least privilege and network segmentation.
● Threat Modeling and Risk Assessment: Conduct regular threat modeling exercises to identify potential security vulnerabilities and work with development teams to mitigate risks.
● Incident Response and Monitoring: Develop and maintain security monitoring and alerting systems to detect and respond to security incidents.
● Security Policy and Compliance: Define and enforce security policies, standards, and procedures to ensure compliance with industry regulations and internal requirements.
● Collaboration and Training: Collaborate with development, QA, and operations teams to embed security culture. Provide training and guidance on secure coding practices and security tools.
● Customer Security Assessments: Support responses to customer information security questionnaires, ensuring accurate representation of our security controls and practices.
● SOC 2 and Compliance Programs: Lead or assist in maintaining the company’s SOC 2 certification and other compliance programs, including gathering evidence, coordinating with auditors, and driving continuous improvement of controls.
Required Skills and Qualifications
● Experience: 5-6 years of professional experience in a DevSecOps, DevOps, or a security-focused role.
● CI/CD Tools: Proficient with CI/CD tools like Jenkins, GitLab CI, or CircleCI.
● Scripting: Strong scripting skills in languages such as Python, Bash, or PowerShell for automation.
● Cloud Platforms: Hands-on experience with at least one major cloud provider (AWS, Azure, or GCP) and familiarity with infrastructure as code tools like Terraform, Pulumi or CloudFormation.
● Security Tools: Expertise with security tools for SAST (e.g., SonarQube, Fortify), DAST (e.g., Burp Suite, OWASP ZAP), and container security (e.g., Clair, Trivy).
● Containerization and Orchestration: Experience with Docker and Kubernetes.
● Soft Skills: Excellent problem-solving, communication, and collaboration skills.
Preferred Qualifications
● Relevant certifications such as CISSP, SANS GIAC, or AWS/Azure Security Specialist.
● Experience with a security information and event management (SIEM) system like Splunk or ELK Stack.
● Familiarity with compliance frameworks like PCI DSS, HIPAA, or SOC 2.