DevSecOps Engineer

ServCrust • Ranchi, Jharkhand, IN
1 day ago
Job description

About the Role

We are looking for a proactive and technically skilled DevSecOps Engineer to integrate and operationalize security across our DevOps pipelines and cloud infrastructure. This role serves as a critical link between our security and engineering teams, embedding robust security practices into every stage of the software development lifecycle (SDLC), CI/CD workflows, and cloud-native deployments.

The ideal candidate is passionate about automation, prevention-focused, and experienced in building scalable security controls within fast-paced engineering environments.

Key Responsibilities

1. Secure DevOps & Control Enforcement

  • Monitor CI/CD pipelines (e.g., AWS CodePipeline, GitHub Actions) for policy violations, secret exposures, and insecure configurations.
  • Analyze and interpret results from security tools like SAST, DAST, IAST (e.g., SonarQube, Checkmarx, OWASP ZAP, Dependency-Check).
  • Perform vulnerability triage on container scan reports and provide remediation guidance (e.g., base image hardening).
  • Conduct Infrastructure-as-Code (IaC) security reviews (Terraform, CloudFormation) to detect misconfigurations pre-deployment.
  • Enforce security guardrails within pipeline configurations (e.g., code signing, mandatory static analysis steps).
  • Monitor logs and security dashboards for anomalies in production and staging environments.
  • Provide real-time support for security events within the CI/CD or cloud infrastructure.

2. Security Automation & Collaboration

  • Implement automated security controls across CI/CD pipelines and track vulnerability status using tools like JIRA.
  • Develop scripts and automation for preventive controls and repeatable security checks (e.g., Python, Bash, Groovy).
  • Work closely with development and platform teams to promote secure coding, library hygiene, and secure deployment practices.
  • Participate in threat modeling, design reviews, and secure architecture discussions for new or evolving services.
  • Maintain clear documentation including playbooks, tool configurations, and developer security guidelines.
  • Evaluate and conduct POCs for emerging security tools, integrating effective solutions into the SDLC.

Ongoing Contributions

  • Track remediation SLAs for high-priority vulnerabilities in deployed applications.
  • Audit CI/CD pipelines for insecure bypasses or outdated security controls.
  • Review source code repository settings (branch protections, token scopes, access control).
  • Facilitate developer training and workshops on secure coding practices.
  • Update and maintain DevSecOps dashboards and metrics in collaboration platforms (e.g., JIRA, Confluence).
  • Contribute to post-incident reviews and drive continuous improvement of security response processes.

Qualifications & Experience

  • 2–4 years of hands-on experience in DevSecOps, Application Security, or Security Engineering.
  • Strong knowledge of CI/CD pipelines, version control systems, and security toolchains.
  • Practical experience with scripting languages (e.g., Python, Bash) and pipeline configurations (e.g., YAML).
  • Familiarity with cloud-native infrastructure (AWS, Azure, GCP) and associated security controls.
  • Understanding of security frameworks and standards (e.g., OWASP Top 10, SANS CWE 25, NIST, CIS).
  • Experience with container security (Docker, Kubernetes) and vulnerability management.

Soft Skills & Attributes

  • Detail-oriented, with a strong focus on proactive security and automation.
  • Able to collaborate effectively across engineering, QA, and operations teams.
  • Strong analytical and problem-solving skills within dynamic DevOps environments.
  • Excellent communication and technical documentation abilities.
  • Self-driven, curious, and eager to stay ahead of evolving security challenges.

Why Join Us?

  • Work in a security-first culture with modern tech stacks.
  • Be at the forefront of securing cloud-native applications.
  • Collaborate with passionate professionals across engineering and security.
  • Grow in a role that offers continuous learning and impact.