DevSecOps

Job Description

What's In It For You? Drive Secure Innovation: Be at the forefront of integrating security into the development lifecycle of a cutting-edge, unified platform for a leading global financial institution. Your expertise will ensure the platform is robust, resilient, and secure from day one. Modern Tooling & Practices: Work extensively with modern DevSecOps tools and practices, including CI/CD pipelines (GitHub Actions), infrastructure as code, containerization, and automated security testing within a cloud environment (GCP). Career Defining Project: This high-visibility project offers significant opportunities to deepen your DevSecOps expertise in an enterprise setting, working on a platform designed for massive scale and international reach. Collaborative & Agile Culture: Join a dynamic, high-performing Agile team. Champion security best practices and contribute to a culture where security is everyone's responsibility, working alongside talented engineers and operations specialists. Build Resilient Systems: Implement and manage robust monitoring, logging, and alerting solutions to ensure the platform's reliability, security, and performance for hundreds of thousands of users. Your Role: As a DevSecOps Engineer at Aviato Consulting, you will be instrumental in embedding security throughout the software development lifecycle (SDLC) for a transformative project. You'll focus on building secure and efficient CI/CD pipelines, implementing security controls, and fostering a security-first mindset within the development teams. Key Responsibilities (Concise): Design, build, and maintain secure, automated CI/CD pipelines (e.g., using GitHub Actions) for building, testing, and deploying applications. Integrate automated security testing tools (SAST, DAST, SCA) into CI/CD pipelines. Implement and manage infrastructure as code (IaC) to ensure consistent and secure environments. Collaborate with development and SRE teams to implement robust monitoring, logging, and alerting solutions for security events and system health. Manage and secure containerized applications and orchestration platforms (e.g., Kubernetes on GCP). Conduct security assessments, vulnerability scanning, and assist with penetration testing remediation. Develop and enforce security policies, standards, and best practices across the project. Automate security controls and compliance checks. Respond to and investigate security incidents, working with teams on remediation. Champion DevSecOps principles and provide security guidance to development squads. What We're Looking For: Bachelor's degree in Computer Science, Information Security, or a related field. Minimum 5 years of experience in a DevOps or DevSecOps role. Strong hands-on experience with CI/CD tools (e.g., GitHub Actions, Jenkins, GitLab CI). Proficiency in scripting languages (e.g., Python, Bash). Experience with infrastructure as code tools (e.g., Terraform, Ansible). Knowledge of containerization technologies (e.g., Docker, Kubernetes). Experience with cloud security principles and services, particularly on GCP (Google Cloud Platform). Familiarity with security testing tools (SAST, DAST, SCA) and vulnerability management. Understanding of secure coding practices, threat modeling, and common application security vulnerabilities (OWASP Top 10). Experience with monitoring and logging tools (e.g., Prometheus, Grafana, ELK stack). Strong problem-solving skills and a proactive approach to security. Excellent communication and collaboration skills. Relevant security certifications (e.g., CISSP, GCSA, Certified Kubernetes Security Specialist) are a strong plus. Ready to secure the future of financial technology? Apply now to join Aviato Consulting! We are an equal opportunity employer and value diversity at our company. Show more Show less