Cloud DevSecOps Engineer

Cloud DevSecOps Engineer

Job Summary:

We are looking for a highly skilled Cloud DevSecOps Engineer to integrate security practices into the development and operations processes within our cloud environment. This role involves implementing and managing security automation, ensuring secure cloud infrastructure, and automating security controls across the full software development lifecycle (SDLC). The ideal candidate will have deep expertise in cloud platforms (such as Google(preferred), OCI), DevOps practices, and security automation, ensuring the cloud infrastructure is not only efficient and scalable but also secure and compliant.

Key Responsibilities:

• Security Integration: Integrate security practices into DevOps pipelines by embedding security testing, code analysis, and vulnerability scanning into CI/CD workflows.
• Cloud Infrastructure Security: Design and implement security controls for cloud infrastructure (AWS, Azure, GCP), including network security, identity management, access control, and encryption.
• Automation & Infrastructure as Code (IaC): Leverage Infrastructure as Code (IaC) tools like Terraform, CloudFormation, or Ansible to automate the deployment and security configuration of cloud resources.
• Security Testing & Scanning: Implement security testing tools (e.g., SAST, DAST, static and dynamic scanning) to detect vulnerabilities early in the development lifecycle and ensure the security of code, containers, and infrastructure.
• Compliance Management: Ensure cloud infrastructure meets industry standards and regulatory requirements, such as GDPR, HIPAA, SOC 2, and others. Automate compliance checks and audits for cloud resources.
• Incident Response & Threat Detection: Collaborate with security operations teams to identify, respond to, and resolve security incidents. Implement monitoring solutions that detect and alert suspicious activities or potential breaches.
• Vulnerability Management: Identify, assess, and remediate security vulnerabilities across the cloud environment, including patch management and proactive vulnerability mitigation.
• Access & Identity Management: Implement and manage identity and access management (IAM) policies, enforce least privilege access, and ensure the secure management of credentials and secrets (e.g., GCP IAM, Active Directory, HashiCorp Vault).
• Cloud Security Best Practices: Continuously evaluate and implement best practices in cloud security, including securing cloud-native applications, containerized environments (Docker/Kubernetes), and serverless architectures.
• Collaboration & Education: Collaborate with development, operations, and security teams to promote a culture of security awareness, educate teams on secure coding practices, and assist with security-related incidents and troubleshooting.
• Continuous Improvement: Continuously evaluate and improve security processes, tools, and technologies to stay ahead of evolving threats and to drive a DevSecOps culture across the organization.