DevSecOps Engineer

About Our Company

Key Responsibilities

• Integrate security tools (e.g., SonarQube, Trivy, Burp Suite) into CI/CD pipelines to automate security testing during build and deployment phases.
• Design and maintain secure configurations for cloud infrastructure using Infrastructure as Code (IaC) tools such as Terraform or CloudFormation.
• Implement security controls and standards for containerized applications in Kubernetes, ensuring the security and compliance of container orchestration environments.
• Maintain robust security policies and documentation covering all aspects of data protection, access control, and incident response.
  

Cloud Security And Infrastructure Management

• Implement and manage cloud security solutions, particularly within AWS, using tools such as AWS WAF, GuardDuty, and Macie.
• Develop and enforce IAM policies and access controls to ensure proper identity and data management across all environments.
• Perform hardening of container images and ensure their secure deployment in line with best practices for cloud-native security.
• Conduct regular audits and reviews of cloud security configurations to identify and remediate misconfigurations and potential vulnerabilities.
  

Monitoring, Incident Management, And Vulnerability Assessment

• Establish and maintain a comprehensive security monitoring and alerting framework using ELK Stack, Prometheus, and other monitoring tools.
• Conduct regular vulnerability scans, penetration tests, and security assessments to identify risks and vulnerabilities across applications and infrastructure.
• Lead incident response efforts, including analysis, containment, eradication, and recovery, ensuring effective and timely resolution of security incidents.
• Document and communicate post-incident reports and security findings to relevant stakeholders.
  

Security Governance And Compliance

• Ensure adherence to industry standards and regulatory compliance (e.g., GDPR, CCPA) through continuous review and implementation of security controls.
• Create and maintain security guidelines, hardening checklists, and compliance documentation to support secure system development and operation.
• Coordinate with internal teams and external auditors during security assessments and compliance reviews.
  

Continuous Improvement And Collaboration

• Identify and implement opportunities for process improvements in security testing, automation, and deployment workflows.
• Collaborate closely with development, QA, and operations teams to build a security-first culture and integrate secure practices into daily operations.
• Conduct security training sessions and workshops for development teams to promote secure coding and operational practices.
• Develop and maintain documentation for security processes, standards, and best practices to support knowledge sharing across the organization.
  

Qualifications

• Strong experience in DevOps and security tools and technologies, with a focus on secure CI/CD practices and cloud security (AWS preferred).
• Deep understanding of DevSecOps methodologies and practices, with hands-on experience securing containerized and cloud-based infrastructure.
• Proficiency in security tools and platforms such as SonarQube, Trivy, Burp Suite, GuardDuty, AWS WAF, and ELK Stack.
• Advanced knowledge of application security, secure coding practices, and vulnerability management.
• Familiarity with Infrastructure as Code (IaC) tools like Terraform and CloudFormation for managing secure and scalable infrastructure.
• Experience with programming and scripting languages such as Python, Shell, or similar alternatives.
  

Security Skills

• Hands-on experience with security analysis tools for SAST, DAST, and SCA.
• Expertise in penetration testing, incident response, and cloud security auditing.
• Strong understanding of cryptography, identity management, and secure access control.
  

Problem Solving

• Strong analytical and troubleshooting skills to resolve complex security issues.
• Ability to perform threat modeling and risk assessment to identify potential security gaps and define effective solutions.
  

Communication

• Excellent communication skills with the ability to collaborate effectively across technical and non-technical teams.
• Strong documentation skills to support security policy development and incident response procedures.
• Advanced English proficiency, both written and spoken, to communicate clearly with global partners and stakeholders.