DevSecOps Engineer

Job Description

Job Title:DevSecOps + Security Analyst Experience -57 years Office Hour-10pm- 7am IST Location- Work from home Male candidate preferred Education qualification : pg / btech , Keralite preferred. Job Summary: We are seeking a highly motivated DevSecOps + Security Analyst to integrate security practices into the DevOps pipeline and monitor, analyze, and improve our overall security posture. This hybrid role requires a strong background in both DevOps automation and cybersecurity practices , ensuring security is built into the software development lifecycle (SDLC) and infrastructure. DevSecOps Responsibilities: Integrate security tools and practices into CI/CD pipelines (e.g., GitLab CI, Jenkins, GitHub Actions). Automate security scanning (SAST, DAST, SCA, IaC scanning) and enforce policies in build/deployment stages. Work with development and operations teams to implement security controls in cloud and on-prem environments. Harden infrastructure and container images using tools like Ansible, Packer, Terraform, and Docker. Implement and manage Infrastructure-as-Code (IaC) securely using Terraform, CloudFormation, etc. Security Analyst Responsibilities: Monitor, detect, and respond to security events using SIEM (e.g., Splunk, Sentinel, or ELK). Perform vulnerability assessments and coordinate remediation efforts with IT and engineering teams. Support incident response processes and investigations. Required Qualifications: Experience in cybersecurity, DevSecOps, or security operations. Knowledge of firewalls, intrusion detection/prevention systems, endpoint protection, and log management. Experience performing security incident response and forensic analysis. Solid experience with CI/CD tools and pipeline security integration. Strong understanding of cloud platforms (AWS, Azure, or GCP) and cloud security best practices. Hands-on experience with security tools: static/dynamic analysis, container scanners, secrets scanners. Experience with scripting languages (Python, Bash, PowerShell) for automation. Familiarity with regulatory standards (SOC2, NIST, PCI-DSS, HIPAA)