About the Role :
We are seeking a skilled DevSecOps Engineer to join our team and embed security practices throughout our software development lifecycle.
In this role, you will be responsible for integrating security into our DevOps processes, automating security checks, managing infrastructure as code securely, and ensuring compliance with security policies.
You will collaborate closely with development, operations, and security teams to deliver secure, scalable, and resilient software solutions.
Key Responsibilities :
- Design, implement, and maintain security controls and automation within the CI/CD pipelines.
- Integrate security testing tools such as static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and vulnerability scanning into development workflows.
- Manage Infrastructure as Code (IaC) securely using tools like Terraform, CloudFormation, or Ansible.
- Collaborate with development and operations teams to identify and remediate security vulnerabilities in applications and infrastructure.
- Implement and enforce security best practices for containerized environments and orchestration platforms like Docker and Kubernetes.
- Monitor and respond to security incidents and alerts related to the CI/CD pipeline and cloud infrastructure.
- Conduct threat modeling and risk assessments during application and infrastructure design phases.
- Ensure compliance with industry security standards and frameworks such as OWASP, NIST, ISO 27001, and GDPR.
- Develop security metrics and reporting to provide visibility into security posture and improvements.
- Continuously evaluate emerging security tools, techniques, and threats, recommending and implementing enhancements to the DevSecOps
- Bachelor's degree in Computer Science, Information Security, Engineering, or related field.
- 3+ years of experience in DevOps, Security Engineering, or related roles with a focus on integrating security in software delivery.
- Strong experience with CI/CD tools such as Jenkins, GitLab CI, CircleCI, or Azure DevOps.
- Proficiency in scripting and automation using languages like Python, Bash, or PowerShell.
- Hands-on experience with security tools such as SAST (SonarQube, Checkmarx), DAST (OWASP ZAP, Burp Suite), and vulnerability scanners (Nessus, Qualys).
- Experience with cloud platforms (AWS, Azure, GCP) and securing cloud-native environments.
- Familiarity with container security and orchestration platforms including Docker and Kubernetes.
- Knowledge of Infrastructure as Code (IaC) and related security practices.
- Strong understanding of network security, identity and access management (IAM), and encryption technologies.
- Excellent problem-solving skills and ability to work collaboratively in cross-functional teams.
- Relevant certifications such as CISSP, CISM, CEH, or AWS Certified Security Specialty are a plus.
(ref : hirist.tech)