DevSecOps Engineer

Job Summary

• Collaborate with development, operations, and security teams to integrate security best practices and tools into the software development life cycle.
• Shift Left Approach to security within the pipelines, to scan and update IaC code for relevant Benchmark/frameworks and industry best Practices.
• Design, implement, and maintain security automation and monitoring tools to identify and remediate security vulnerabilities in applications and infrastructure.
• Perform regular security assessments, penetration testing, and vulnerability scanning to proactively identify and address potential security risks.
• Develop and maintain security policies, guidelines, and procedures to ensure consistent and secure development practices across the organisation.
• Monitor and analyse security incidents to improve security measures and prevent future incidents.
• Assist in incident response and remediation efforts, providing expertise in security incident management and root cause analysis.
• Ensure compliance with industry regulations and standards, such as GDPR, HIPAA, PCI DSS, or other relevant frameworks.
• Educate and train development and operations teams on secure coding practices, security tooling, and the latest security trends and threats.
• Continuously evaluate and recommend new security technologies and best practices to improve the organisations overall security posture.

Requirements:

• Bachelors degree in computer science, information security, or a related field, or equivalent experience.
• Strong understanding of secure software development practices, such as OWASP Top Ten, secure coding principles, and threat modeling.
• Familiarity with security technologies and tools, including vulnerability scanners, intrusion detection systems, firewalls, and encryption technologies.
• Terraform IaC
• Proficiency in one or more programming or scripting languages (e.g., Python, Ruby, JavaScript, Go).
• Experience with CI/CD pipelines, automation tools, and containerisation technologies (e.g., Jenkins, Github Actions, GitLab CI/CD, Docker, Kubernetes).
• Knowledge of cloud platforms (e.g., AWS, Azure, GCP) and their respective security services, best practices, and compliance requirements.
• Strong analytical, problem-solving, and communication skills.
• Relevant industry certifications, such as CISSP, CEH, or CompTIA Security+, are a plus.