We are seeking a skilled and proactive DevSecOps Engineer to join our dynamic technology team.
The ideal candidate will be responsible for integrating security into every phase of the software development and deployment lifecycle, ensuring that our applications and infrastructure are robust, secure, and compliant with industry standards.
Key Responsibilities
- Embed security practices and principles into DevOps processes, automating security checks and controls throughout CI/CD pipelines.
- Collaborate with development, operations, and security teams to design and implement secure cloud and on-premises infrastructure.
- Conduct regular vulnerability assessments, threat modeling, and risk analysis to identify security gaps and recommend solutions.
- Develop and maintain security automation tools and scripts to enforce policies and monitor environments.
- Monitor, detect, and respond to security incidents, coordinating incident response activities as required.
- Stay current on emerging security technologies, threats, and best practices; proactively recommend improvements.
- Document security processes, procedures, and compliance controls, ensuring regulatory and policy adherence.
- Educate and train team members on secure coding, DevSecOps methodologies, and threat awareness.
Requirements
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
- Hands-on experience with DevOps tools (e.g., Jenkins, GitLab CI/CD, Docker, Kubernetes, Terraform).
- Proficiency in scripting languages (e.g., Python, Bash, PowerShell).
- Strong understanding of security frameworks, standards, and best practices (e.g., OWASP, NIST, CIS).
- Experience with cloud platforms (e.g., AWS, Azure, GCP) and their security features.
- Knowledge of infrastructure-as-code (IaC) and security automation.
- Familiarity with monitoring, logging, and SIEM solutions.
- Excellent problem-solving, analytical, and communication skills.
- Relevant certifications (e.g., AWS Certified Security, Certified DevSecOps Professional, CISSP) are a plus.