Talent.com
This job offer is not available in your country.
DevSecOps Engineer - SAST / DAST

DevSecOps Engineer - SAST / DAST

TALENT HUNT PLACEMENTS AND CONSULTANCYIndia
30+ days ago
Job description

About the Role :

We are looking for a skilled DevSecOps Engineer to integrate robust security practices into our DevOps pipelines.

You will work at the intersection of development, security, and operations, ensuring our software development lifecycle (SDLC) is secure, automated, and scalable.

The ideal candidate is passionate about infrastructure automation, security by design, and continuous delivery with a security-first mindset.

Key Responsibilities :

  • Embed security practices and tools into CI / CD pipelines (e.g., Jenkins, GitLab CI, Azure DevOps, CircleCI).
  • Automate static (SAST), dynamic (DAST), and dependency (SCA) scanning using tools like SonarQube, Checkmarx, Fortify, Veracode, or Snyk.
  • Implement container security scanning (e.g., Aqua, Prisma Cloud, Anchore, or Trivy).
  • Manage infrastructure as code (IaC) with tools such as Terraform, Ansible, Pulumi, or CloudFormation.
  • Build and secure Docker containers, Kubernetes clusters, and deployment pipelines.
  • Apply least privilege access and secrets management practices using Vault, AWS Secrets Manager, or Azure Key Vault.
  • Implement logging, monitoring, and alerting for security events (using tools like ELK, Splunk, Prometheus, or Grafana).
  • Support compliance initiatives (e.g., ISO 27001, SOC 2, GDPR, HIPAA) by aligning DevOps processes with security and audit requirements.
  • Monitor infrastructure vulnerabilities and remediate in coordination with development and ops teams.
  • Collaborate with developers, DevOps, security, and QA teams to ensure secure coding and

deployment practices.

  • Conduct threat modeling, risk assessments, and security reviews for new features or deployments.
  • Educate engineering teams on secure development and deployment practices.

    • Required Skills & Qualifications :

  • 3+ years of experience in DevOps, Cloud Security, or Application Security.
  • Strong experience with CI / CD pipeline tools (e.g., Jenkins, GitLab CI, GitHub Actions, Bamboo).
  • Experience with at least one public cloud provider (AWS, Azure, or GCP).
  • Hands-on experience with container technologies (Docker, Kubernetes) and their security tools.
  • Proficiency in scripting languages (Python, Bash, Shell, etc.)
  • Familiarity with IAM, RBAC, firewalls, and network security controls.
  • Knowledge of common security frameworks (OWASP Top 10, CIS Benchmarks).
  • Understanding of SDLC, software composition analysis (SCA), and secure code development

    • (ref : hirist.tech)

    Create a job alert for this search

    Engineer • India