DevSecOps Engineer - GOV2

As a DevSecOps Engineer on our XOps team, you will play a crucial role in integrating security practices within the DevOps pipeline to ensure secure software development and deployment processes. Your primary responsibility will be to collaborate with development, operations, and security teams to embed automated tools and processes into CI/CD workflows. Your key responsibilities will include designing, implementing, and managing CI/CD pipelines using tools like Jenkins, GitHub, and integrating security tools such as Snyk, SonarQube, and JFrog to detect vulnerabilities early in the development lifecycle. You will automate security testing and compliance checks as part of the DevOps process and work closely with development teams to remediate identified vulnerabilities. Additionally, you will ensure that infrastructure as code (IaC) is securely designed and deployed and drive container security and orchestration using tools like Docker, Kubernetes, Trivy, etc. Maintaining compliance with security standards such as OWASP, NIST, and ISO 27001 will be a critical aspect of your role, along with contributing to monitoring and incident response automation. To excel in this role, you must have strong hands-on experience with Jenkins, Snyk, SonarQube, and static/dynamic code analysis tools. Proficiency in scripting languages like Python and Bash, along with experience in version control systems like Git, is essential. A working knowledge of container security, IaC (Terraform, CloudFormation), and secrets management tools (e.g., Vault, AWS Secrets Manager), as well as familiarity with security practices in cloud environments (AWS, Azure, or GCP), will be highly beneficial. Preferred qualifications for this role include certifications such as Certified DevSecOps Professional, AWS Security, or Azure Security Engineer, along with knowledge of compliance frameworks like SOC 2, HIPAA, and GDPR. Experience in threat modeling and risk assessment would be an added advantage.,