DevSecOps Engineer

Role Overview
We are seeking a motivated Vulnerability Remediation & DevSecOps Engineer to join our security team. The ideal candidate will have hands-on experience with vulnerability management, secure coding, container security, and CI/CD pipeline integration. This role requires strong collaboration with development and DevOps teams to ensure timely remediation of vulnerabilities and adoption of secure development practices.Key ResponsibilitiesVulnerability Triage & Risk Assessment Review and analyse vulnerability findings from tools (e.g., Snyk, Trivy, Aqua, Qualys, etc.). Prioritize vulnerabilities based on severity, exploitability, and business impact. Maintain a backlog of security issues and actively track remediation progress. Code-Based Remediation Support Partner with developers to remediate vulnerabilities across multiple languages including TypeScript, Python, JavaScript, Java, Ruby, Go, HCL, Shell, and SQL variants. Provide secure coding guidance and implement secure development patterns. Assist in refactoring insecure legacy code. Container Security & Infrastructure Hardening Remediate vulnerabilities in Docker images, base OS layers, and Kubernetes (AKS) configurations. Harden CI/CD pipelines and container orchestration using IaC (Terraform, HCL). Manage and maintain secure container images in registries. Pipeline Integration & Automation Integrate security tools into CI/CD workflows (e.g., GitHub Actions, Azure DevOps). Automate remediation suggestions and enforce policy gates for critical vulnerabilities. Write scripts and automation in Shell, Python, and Go for security enforcement. Cross-Team Collaboration Act as a bridge between development, security, and DevOps teams. Host working sessions and knowledge transfers on remediation strategies and DevSecOps best practices. Drive secure SDLC adoption across engineering teams. Documentation & Reporting Maintain clear documentation on remediation strategies, architecture decisions, and tool configurations. Provide metrics and reports to leadership on vulnerability trends and remediation velocity.Qualifications & Skills13 years of hands-on experience in vulnerability management, remediation, or DevSecOps.Familiarity with vulnerability scanning tools (Snyk, Trivy, Aqua, Qualys, etc.)Experience with multiple programming languages (TypeScript, Python, JavaScript, Java, Ruby, Go, SQL, Shell scripting).Knowledge of container security, Kubernetes (AKS preferred), and IaC (Terraform, HCL).Experience with CI/CD platforms (GitHub Actions, Azure DevOps).Strong understanding of secure coding practices and secure SDLC.Excellent problem-solving, communication, and collaboration skills.

Location: Remote- Bengaluru,Hyderabad,Delhi / NCR,Chennai,Pune,Kolkata,Ahmedabad,Mumbai