DevOps Architect

About the Role

We are looking for a skilled DevSecOps Engineer with a strong background in Python scripting, cloud security, and automation. The ideal candidate will design, implement, and maintain secure DevOps pipelines and infrastructure while integrating security practices throughout the software development lifecycle (SDLC).

This role requires deep knowledge of CI/CD, Kubernetes, IaC, vulnerability management, and cloud-native security frameworks.

Key Responsibilities

Implement and manage secure CI/CD pipelines integrating automated security testing (SAST, DAST, dependency checks).

Develop Python scripts and automation tools for security validation, compliance checks, and system hardening.

Collaborate with development and operations teams to embed security best practices into build and deployment workflows.

Configure and maintain Kubernetes clusters (EKS/GKE/AKS) with a focus on security controls like RBAC, network policies, and pod security.

Manage Infrastructure as Code (IaC) using Terraform, CloudFormation, or similar tools with integrated compliance checks.

Implement vulnerability scanning (e.g., Trivy, Aqua, Anchore) and image signing for containerized environments.

Integrate Secret Management solutions (HashiCorp Vault, AWS Secrets Manager, or SOPS).

Monitor infrastructure and applications using tools like Prometheus, Grafana, ELK, and implement alerting for security incidents.

Ensure compliance with frameworks such as CIS Benchmarks, NIST, or OWASP standards.

Conduct regular threat modeling and participate in security audits.

Required Skills & Experience

7+ years of experience in DevSecOps, Cloud Security, or DevOps Engineering.

Strong programming/scripting experience in Python for automation and security tooling.

Proficiency with CI/CD tools (Jenkins, GitLab CI, GitHub Actions, or ArgoCD).

Experience with Kubernetes and container orchestration (EKS, GKE, AKS).

Expertise in Cloud Platforms (AWS / Azure / GCP).

Knowledge of IAM policies, RBAC, security groups, and network access controls.

Hands-on with Terraform, Helm, Docker, and Linux system administration.

Understanding of API security, web application firewalls (WAF), and TLS/SSL management.

Familiarity with static and dynamic code analysis tools like SonarQube, Bandit, or Checkov.

Experience with logging and monitoring using ELK, CloudWatch, or Splunk.