DevSecOps Engineer - DAST/SAST

Key Responsibilities

• Implement and manage security tools and processes within our CI/CD pipelines (e.g., SAST, DAST, SCA, IAST).
• Automate security controls, vulnerability scanning, and compliance checks across all development stages.
• Collaborate with development and operations teams to embed security into the design, development, and deployment of applications and infrastructure.
• Conduct security reviews of code, infrastructure, and configurations.
• Identify, analyze, and remediate security vulnerabilities in applications and infrastructure.
• Develop and maintain security baselines for cloud environments (AWS, Azure, GCP) and containerization platforms (Docker, Kubernetes).
• Educate and mentor development teams on secure coding practices and security awareness.
• Participate in incident response activities related to security breaches and provide forensic analysis.
• Stay current with emerging security threats, vulnerabilities, and technologies and recommend appropriate controls.
• Drive the adoption of security-as-code principles and infrastructure as code (IaC) security best practices.
  

Required Skills & Qualifications

• 5-7 years of experience in a DevSecOps, DevOps, or Security Engineering role.
• Strong understanding of SDLC and CI/CD pipelines (e.g., Jenkins, GitLab CI, Azure DevOps, CircleCI).
• Expertise in scripting languages such as Python, Bash, or PowerShell for automation.
• Hands-on experience with cloud platforms (AWS, Azure, or GCP) including security services.
• Proficiency with containerization and orchestration technologies like Docker and Kubernetes.
• Experience with IaC tools such as Terraform, CloudFormation, or Ansible.
• Solid understanding of security concepts including network security, application security, data security, and identity & access management.
• Familiarity with various security testing tools (e.g., SonarQube, OWASP ZAP, Nessus, WhiteSource).
• Knowledge of security frameworks and compliance standards (e.g., NIST, ISO 27001, SOC 2, GDPR).
• Experience with version control systems like Git.
• Excellent problem-solving, analytical, and communication skills.
• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent practical experience).
  

Preferred Qualifications

• Relevant security certifications (e.g., CISSP, CCSP, OSCP, AWS Security Specialty, Azure Security Engineer).
• Experience with threat modeling methodologies.
• Familiarity with serverless architectures and their security implications.
• Knowledge of microservices security.
• Experience in a regulated industry.