Principal DevSecOps Engineer

About Zscaler :

Our Engineering team built the world’s largest cloud security platform from the ground up, and we keep building. With more than 100 patents and big plans for enhancing services and increasing our global footprint, the team has made us and our multitenant architecture today's cloud security leader, with more than 15 million users in 185 countries. Bring your vision and passion to our team of cloud architects, software engineers, security experts, and more who are enabling organizations worldwide to harness speed and agility with a cloud-first strategy.

About the Role :

We're looking for an experienced DevSecOps Engineer to join our team reporting to a Director of Engineering, you'll be responsible for :

Define and evangelize the long-term vision and roadmap for DevSecOps, integrating security seamlessly into CI / CD pipelines, infrastructure-as-code (IaC), and cloud operations

Drive process improvement across the SDLC & DevSecOps landscape - integrating people, process, and technology to fundamentally drive improvements in time to delivery, code quality, code security, and developer satisfaction

Act as a key technical leader, mentor, and subject matter expert for engineering teams on all DevSecOps related matters.

Develop metrics and KPIs to measure the effectiveness and impact of DevSecOps initiatives, providing regular reports to leadership

Rich experience in establishing and delivering cross functional programs for continuous vulnerability assessment, penetration testing that has organization wide impact

Translate high-level DevSecops / security objectives into actionable DevSecOps initiatives and technical requirements leveraging industry standards like NIST Cybersecurity Framework, OWASP guidelines, and driving maturity using models like DSOMM (DevSecOps Maturity Model)

What We're Looking for (Minimum Qualifications)

Experience leading transformation initiatives across enterprises within the DevSecOps landscape with a focus on program management, change management, roadmap alignment, and communications

Bachelors in computer science or related field with 10+ years of experience managing AWS, GCP, or Private Cloud environments

Strong experience with secrets management solutions (e.g., HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, Kubernetes Secrets).

In depth experience in securing the code, applications and infrastructure with a strong working experience in Security scanning SAST (e.g., Checkmarx, SonarQube), DAST (e.g., Burp Suite Enterprise, OWASP ZAP), SCA (e.g., BlackDuck, Snyk, Mend), WAF, IDS / IPS, SIEM / SOAR integration

Strong application development / Automation experience with one of the OOPS languages C / C++ / Java / Python / GO

Experienced in container orchestration (Docker, Kubernetes, EKS / GKE) and automation tools (Terraform, Ansible, CloudFormation, etc)

Experience with Git and GitOps based pipelines using GitLab, GitHub and CI automation tools like Jenkins, GitHub actions

What Will Make You Stand Out (Preferred Qualifications)

Experience with AI and ML tools in day-to-day DevSecOps activities

Experience writing and developing yaml based CI / CD Pipelines using GitLab, GitHub and knowledge of build tools like makefiles / gradle / npm / maven etc

Experience with Networking, Load Balancers, Firewalls, Web Security