DevSecOps Engineer

Key Responsibilities

• Secure DevOps Operations & Control Validation
• Monitor CI/CD pipelines (e.g., AWS Code Libraries) for policy violations, secrets leakage, or insecure configurations
• Analyze scan results from SAST/DAST/IAST tools (e.g., SonarQube, Checkmarx, ZAP, OWASP Dependency-Check) and prioritize remediation with developers
• Review container security reports and assist in vulnerability triage, including base image hardening recommendations
• Conduct IaC security reviews (Terraform, CloudFormation) to identify pre-deployment misconfigurations
• Maintain security guardrails in pipeline configurations (e.g., enforce code signing, static analysis stages)
• Monitor security dashboards and logs for abnormal behaviour in deployed environments
• Support real-time responses to security findings within CI/CD environments or cloud workloads
• Security Automation, Policy-as-Code & Dev Collaboration
• Implement and maintain automated security controls in CI/CD pipelines and maintain a JIRA board for all vulnerabilities reported throughout the product lifecycle.
• Write custom automation scripts to enforce preventive security measures and reduce manual errors
• Collaborate with development and platform teams to guide secure coding, library hygiene, and deployment practices
• Participate in threat modelling, security architecture reviews, and secure design sessions for new services
• Document pipeline security procedures, tool configurations, and developer guidance playbooks
• Assist in evaluating new security tools, perform POCs, and integrate selected solutions into the SDLC
  

Weekly and Monthly Contribution

• Review critical vulnerabilities in deployed apps and ensure remediation SLAs are tracked
• Perform pipeline audits for bypasses, insecure stages, and outdated controls
• Review source code repository settings (branch protections, token scopes, etc.)
• Participate in developer workshops to drive secure coding awareness
• Update DevSecOps metrics and dashboards in JIRA
• Contribute to post-mortem reviews of release-related security incidents
  

Required Qualifications

• 2–4 years of experience in AppSec, DevSecOps, or security engineering roles
• Solid understanding of CI/CD pipeline workflows and security tools
• Hands-on experience in scripting/automation (e.g., Python, Bash, Groovy, YAML-based pipeline definitions)
• Experience with cloud-native deployments, Familiarity with vulnerability management, secure code practices, and SDLC best practices
• Understanding of OWASP Top 10, SANS CWE 25, and container security standards
  

Soft Skills & Traits

• Detail-oriented with a proactive mindset toward prevention
• Ability to work cross-functionally with engineering, QA, and operations
• Excellent communication and documentation skills
• Strong troubleshooting capability in fast-paced CI/CD environments Confidential
  

• Curiosity-driven with a desire to automate and improve