Devsecops Engineer

Job Description

Job Summary: We are looking for a skilled DevSecOps Engineer to join our team and help integrate security practices into our DevOps processes. You will work closely with development, operations, and security teams to build secure, scalable, and automated systems. Your role will be crucial in ensuring that security is embedded in every stage of the software development lifecycle. Key Responsibilities: Collaborate with development, QA, and operations teams to integrate security best practices into CI/CD pipelines. Design, implement, and maintain automated security testing tools such as SAST, DAST, and vulnerability scanning. Manage and configure security tools for container security, cloud security, and infrastructure security. Conduct threat modeling, risk assessments, and security audits for applications and infrastructure. Monitor security alerts and respond to incidents, performing root cause analysis and remediation. Implement and manage identity and access management (IAM) policies. Maintain infrastructure as code (IaC) using tools like Terraform, CloudFormation, or Ansible, ensuring compliance with security standards. Stay updated with the latest security vulnerabilities, threats, and mitigation techniques. Educate and mentor development and operations teams on security best practices and secure coding principles. Participate in compliance audits and contribute to documentation related to security policies and procedures. Required Skills and Qualifications: Bachelors degree in Computer Science, Information Security, or a related field (or equivalent experience). Proven experience in DevSecOps, DevOps, or Security Engineering roles. Strong knowledge of CI/CD tools such as Jenkins, GitLab CI, CircleCI, or others. Hands-on experience with security tools: SAST (e.g., SonarQube, Checkmarx), DAST (e.g., OWASP ZAP, Burp Suite), vulnerability scanners (e.g., Nessus, Qualys). Proficient in scripting languages like Python, Bash, or PowerShell. Experience with container security tools (e.g., Aqua Security, Twistlock, Clair). Deep understanding of cloud platforms (AWS, Azure, GCP) and their security features. Experience with infrastructure as code (Terraform, CloudFormation, Ansible). Familiarity with compliance frameworks such as PCI-DSS, SOC 2, ISO 27001, GDPR, etc. Strong problem-solving skills and ability to work independently or within a team. Excellent communication and collaboration skills. Role & responsibilities Preferred candidate profile