Overview
We’re seeking a hands-on DevSecOps Engineer who thrives at the intersection of automation, infrastructure, and security engineering. In this role, you’ll drive the integration of security into every stage of our development and deployment lifecycle—ensuring our cloud infrastructure and CI/CD pipelines are secure, scalable, and resilient. The ideal candidate has a strong foundation in both DevOps and security practices, and is passionate about building tools, processes, and partnerships that protect sensitive data and support secure, reliable service delivery across our global platforms.
Responsibilities
- Design, implement, and manage secure, scalable infrastructure using modern DevOps practices.
- Collaborate with development teams to integrate security into the CI/CD pipeline.
- Perform security assessments and vulnerability scans to identify and mitigate risks.
- Monitor systems and applications for security breaches and respond promptly.
- Provide guidance and training on secure coding practices and DevOps methodologies.
- Develop and maintain automation scripts and tools to enhance security and efficiency.
- Ensure compliance with industry standards and regulations, such as GDPR and ISO 27001.
- Participate in incident response and post-mortem analysis to improve security posture.
- Collaborate with cross-functional teams to drive security initiatives and continuous improvements.
- Scan cloud infrastructure for vulnerabilities and implement fixes.
- Knowledge of Helm chart upgrades of security products with assessment POC.
Qualifications
- 5+ years of experience in DevSecOps, cloud security, or secure software delivery.
- Hands-on experience with cloud platforms such as AWS, Azure, or GCP.
- Proficiency with CI/CD systems (e.g., GitHub Actions, GitLab CI, Jenkins, Bitbucket Pipelines, GitOps).
- Strong scripting skills in Python, Bash, or similar.
- Experience with container security (Docker, Kubernetes, image scanning, runtime hardening).
- Golden image creation and key rotation.
- Familiarity with IaC tools like Terraform, CloudFormation, or Pulumi.
- Working knowledge of AppSec tools (e.g., Snyk, Trivy, Checkov, Burp Suite, OWASP ZAP).
- Understanding of common cloud and application vulnerabilities (OWASP Top 10, CIS Benchmarks).
Preferred Qualifications
- Experience with secure software development lifecycle (SSDLC) practices.
- Knowledge of Zero Trust security principles and access controls.
- Exposure to regulatory frameworks such as SOC 2, NIST, ISO 27001, or SOX.
What do we offer