Devsecops Engineer

Job Description

Role & responsibilities SecOps Standards: Develop and update application security standards, secure coding principles, and threat modelling processes. Application Security Support: Provide application security support to development teams, including reviewing and explaining application security tools and processes, providing vulnerability explanations and remediation guidance. Vulnerability Assessment: Leverage automated tools and manual testing methods to identify vulnerabilities in codebase and engage in Static and Dynamic application security testing and engage in security automation efforts and process improvements. Penetration Testing: Exposure to web application and APIs application penetration tests. And conduct network and cloud penetration tests to identify security weaknesses. Security Monitoring & Incident Response: Deploy and manage security tools, detect threats, prevent sensitive data leaks and address incidents. Infrastructure & Cloud Security: Safeguard infrastructure on AWS, GCP, or Azure, focusing on encryption, IAM, and network security. \Security Automation: Integrate security into CI/CD pipelines and automate compliance checks. Compliance & Governance: Ensure adherence to security regulations (e.g., GDPR, SOC 2, ISO 27001). Threat Intelligence: Stay updated on emerging threats and apply security best practices. Preferred candidate profile Experience: Minimum of 3-5 years in DevSecOps or security engineering, with a focus on cloud security. Proficiency in DevSecOps operations and Application Security. Familiarity with secure by design and “shift left” security principles. o Strong knowledge of software security risks and threats (OWASP top 10) Secure Software Development Lifecycle (SDLC) knowledge. o Experience with application security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). Strong scripting skills (Python, Bash) for security automation. Proficient with cloud-native and containerized platforms with proven experience on Kubernetes (EKS), Jenkins, Docker, Terraform, etc. Excellent communication skills for cross-functional collaboration. Perks and benefits