DevSecOps Engineer

Job Description

DevSecOps Engineer

We are seeking an experienced DevSecOps Engineer to join our team. The successful candidate will be responsible for integrating security practices into our DevOps processes and workflows.

Responsibilities

• Implement and maintain security tools and practices within the CI/CD pipeline
• Conduct regular security assessments and vulnerability testing to identify and mitigate risks
• Collaborate with development and operations teams to ensure security is integrated throughout the software delivery lifecycle
• Automate security scanning, monitoring, and compliance checks using DevSecOps tools and technologies
• Develop and enforce security policies, standards, and best practices for infrastructure as code (IaC)
• Participate in the design and implementation of secure cloud infrastructure and architectures
• Respond to and investigate security incidents, perform root cause analysis, and implement preventive measures
• Provide training and guidance to cross-functional teams on secure coding practices and security awareness
• Stay up-to-date with the latest DevSecOps trends, tools, and industry best practices

Requirements

• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related technical field
• 3+ years of experience in DevOps and/or cybersecurity roles
• Strong understanding of DevOps principles, practices, and tools (e.g., Git, Jenkins, Docker, Kubernetes)
• Proficiency in programming languages like Python, Go, or Bash scripting
• Experience with cloud platforms (AWS, Azure, GCP) and infrastructure as code tools (Terraform, CloudFormation)
• Knowledge of security frameworks, standards, and compliance regulations (e.g., NIST, OWASP, PCI-DSS)
• Familiarity with security tools and technologies (e.g., SIEM, SAST, DAST, IAST, WAF)
• Strong problem-solving, analytical, and troubleshooting skills
• Excellent communication and collaboration abilities

Preferred Qualifications:

• Relevant certifications (e.g., AWS Certified DevOps Engineer, CISSP, OSCP)
• Experience with container and Kubernetes security
• Knowledge of secure software development life cycle (S-SDLC) practices
• Familiarity with security orchestration, automation, and response (SOAR) tools
• Understanding of threat modeling and risk management methodologies

The DevSecOps Engineer plays a crucial role in bridging the gap between development, operations, and security teams, ensuring that security is an integral part of the software delivery process. The ideal candidate should have a strong background in both DevOps and cybersecurity, with hands-on experience in implementing security practices and tools within CI/CD pipelines