DevSecOps Engineer

About the Role

• We are seeking a DevSecOps Engineer who can integrate security practices within our CI/CD workflows, infrastructure automation, and cloud compliance frameworks. The ideal candidate will have hands-on experience with DevOps tooling, infrastructure-as-code (Terraform), and security compliance processes, ensuring that our systems are secure, observable, and compliant across all environments.

Key Responsibilities:

CI/CD & Automation

1. Manage and enhance CI/CD pipelines to support secure and efficient deployments.
2. Integrate automated security testing and code quality checks in the build process.
3. Collaborate with development teams to ensure seamless code delivery and rollback processes.

Code Scanning & Vulnerability Management

1. Implement and maintain code scanning tools (e.g., SonarCloud, Snyk, GitHub Advanced Security).
2. Identify and remediate security vulnerabilities in application and infrastructure code.
3. Work with developers to establish secure coding standards and best practices.

Policy & Compliance

1. Define and enforce security policies across cloud environments (AWS, Azure and GCP).
2. Support compliance initiatives (GDPR, HIPAA, SOC2, DPDP).
3. Participate in audits, risk assessments, and documentation of security controls.

Infrastructure as Code - Terraform

1. Develop, manage, and optimize cloud infrastructure using Terraform.
2. Maintain reusable Terraform modules and ensure consistent deployments across environments.
3. Assist in implementing policy-as-code frameworks (OPA, Sentinel, AWS Config).

Data Residency & Governance

1. Ensure infrastructure and data flows comply with regional data residency and privacy laws.
2. Collaborate with compliance and legal teams to align data storage with global regulations.

Observability & Monitoring

1. Implement observability tools (Prometheus, Grafana, ELK, OpenTelemetry) to monitor application and infrastructure health.
2. Improve alerting, tracing, and incident response processes.

Communication & Collaboration

1. Partner with cross-functional teams including Security, DevOps, and Compliance to drive secure deployment strategies.
2. Contribute to documentation, training, and internal knowledge sharing.

Required Skills

1. Experience:6+ years
2. Hands-on experience with CI/CD tools (GitHub Actions, Jenkins, GitLab CI/CD, or Azure DevOps).
3. Working knowledge of code scanning tools (SonarCloud, Snyk, Trivy).
4. Familiarity with compliance standards: GDPR, HIPAA, SOC2, DPDP.
5. Experience with Terraform for infrastructure automation.
6. Basic understanding of policy-as-code and cloud governance.
7. Proficiency with observability tools (Grafana, Prometheus, ELK, or Datadog).
8. Experience with AWS or Azure environments.
9. Strong written and verbal communication skills.