Posted:4 days ago|
Platform:
On-site
Full Time
We are seeking a DevSecOps Engineer who will work at the intersection of security, DevOps, and development to ensure security is embedded throughout our SDLC. This role requires deep technical expertise in secure code review, static and dynamic application security testing (SAST/DAST), and infrastructure governance, especially in the segregation of environments, separation of duties, and branch protection in source control systems.
● Conduct manual and automated code reviews to identify security vulnerabilities (e.g., XSS, SQLi, logic f laws).
● Define and implement SAST and DAST pipelines using tools such as SNYK, Checkmarx, Fortify, OWASP ZAP, or Burp Suite.
● Collaborate with development teams to remediate vulnerabilities and educate on secure coding standards (e.g., OWASP Top 10).
● Integrate security controls into CI/CD pipelines using tools like GitHub Actions, Jenkins, and GitLab CI.
● Define and enforce branch protection rules, code signing, and commit validation policies (e.g., mandatory code reviews, signed commits).
● Work closely with DevOps to ensure security-as-code is implemented across build, test, and deployment stages.
● Ensure proper segregation between development, staging, and production environments, following least privilege principles.
● Collaborate with infra and cloud teams to enforce network and access segregation (e.g., VPC segmentation, IAM policies).
● Define and monitor separation of duties policies between developers, testers, and deployers.
● Create security baselines and compliance checks (e.g., CIS Benchmarks, SOC 2/ISO 27001 readiness).
● Set up auditing and alerting for anomalous activities in source control and deployment platforms.
● Deploy and maintain security tools (e.g., GitGuardian, Aqua, Prisma Cloud) to detect hard-coded secrets, policy violations, and misconfiguration.
● Automate remediation workflows where possible (e.g., auto-patching vulnerable dependencies).
● 3–5+ years in DevSecOps, AppSec, or a combined development and security engineering role.
● Strong hands-on experience in secure coding, application security testing, and source code analysis.
● Solid knowledge of CI/CD pipelines, version control (especially GitHub/GitLab), and branch control strategies.
● Familiarity with cloud platforms (AWS, Azure, GCP) and security practices for each.
● In-depth understanding of network security, access controls, and zero trust architecture.
● Practical knowledge of regulatory or compliance frameworks (e.g., ISO 27001, SOC 2, NIST). Preferred Qualifications
● Experience working with Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation) with embedded security checks.
● Familiarity with container security (Docker, Kubernetes, image scanning).
● Certifications: OSCP, CSSLP, CEH, GSEC, or AWS Security Specialty.
● Contributions to open-source security tools or projects is a plus.
● Time-to-remediate for identified vulnerabilities.
● Percentage of pipelines with integrated SAST/DAST.
● Number of policy violations prevented via branch rules and access controls.
● Coverage of secure coding training among developers.
INC Global Pvt Ltd
Upload Resume
Drag or click to upload
Your data is secure with us, protected by advanced encryption.
Browse through a variety of job opportunities tailored to your skills and preferences. Filter by location, experience, salary, and more to find your perfect fit.
We have sent an OTP to your contact. Please enter it below to verify.
Instantly access job listings, apply easily, and track applications.
Hyderabad, Telangana, India
Salary: Not disclosed
Hyderabad, Telangana, India
Salary: Not disclosed
