DevSecOps Security Engineer | Chennai | Onsite | 6-11 Years | Immediate Joiners

Location:

Employment Type:

Overview

DevSecOps Security Engineer

Key Responsibilities

A) DevSecOps Enablement

• Pipeline Security:

• Integrate automated SAST, SCA, IaC, and container security scanning into CI/CD pipelines (GitHub, Jenkins, Argo CD). Enforce quality gates and break-glass workflows.

• IaC Guardrails:

• Implement policy-as-code for Terraform, Helm, and Kubernetes manifests. Codify security baselines, waivers, and approvals within version control.

• Kubernetes Security:

• Enforce admission controls and implement secure RBAC, network policies, image signing/attestations, and runtime protection mechanisms.

• Secrets & Identity Management:

• Strengthen secrets management and align identity access with Zero Trust and least-privilege principles.

• Compliance Alignment:

• Map controls and detections to standards such as PCI-DSS where required. Generate audit-ready artifacts including SBOMs and attestations.

• API & Bot Security (Preferred):

• Implement API discovery and cataloging, perform API threat modeling, configure WAAP/edge/CDN policies and rate limiting, and deploy bot mitigation/fraud detection solutions.

B) Observability, Runtime Protection & Threat Hunting

• Runtime Monitoring:

• Deploy detection mechanisms for vulnerabilities, misconfigurations, drift, and anomalies across cloud and Kubernetes workloads.

• Telemetry & Dashboards:

• Build end-to-end observability using tools like Grafana, OpenTelemetry, and OpenSearch (or similar).

• Threat Hunting:

• Conduct proactive hunts across cloud, Kubernetes, and application layers using telemetry, logs, and behavioral indicators.
• Develop and refine detection logic, playbooks, and hypotheses aligned with TTPs, threat intelligence, and incident insights.
• Work with SOC/IR teams to tune alerts, reduce noise, and enhance detection precision.

• Incident Response Enablement:

• Collaborate with SOC/IR for evidence collection, triage, post-incident analysis, and continuous improvement.

C) Delivery, Documentation & Stakeholder Collaboration

• Project Delivery:

• Own Jira epics/stories and deliver roadmap items with measurable outcomes.

• Documentation:

• Maintain Confluence playbooks, runbooks, standards, and architecture diagrams.

• Stakeholder Communication:

• Provide weekly status reports, track risks/issues, and communicate updates to internal and customer stakeholders.

Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, or related field (Master’s preferred).
• Hands-on experience with DevSecOps practices across CI/CD, Kubernetes, and cloud-native platforms.
• Strong knowledge of IaC security and policy-as-code frameworks (Terraform/Helm).
• Expertise in Kubernetes security — admission controls, RBAC, Pod Security, network policies, image signing/attestations.
• Experience with observability platforms (Grafana, OpenTelemetry, OpenSearch or equivalent).
• Familiarity with CNAPP/CSPM tools such as Prisma Cloud, Cortex Cloud, or Wiz.

• Threat Hunting & Detection Engineering:

• Proven experience in cloud-native and Kubernetes threat hunting.
• Skilled in building, tuning, and maintaining detections and playbooks.

• API & Bot Security (Preferred):

• Experience in WAAP/CDN policy configuration, API cataloging, threat modeling, rate limiting, bot detection, or fraud signal analysis. Experience with platforms like Akamai or Cequence is a plus.
• Excellent troubleshooting, communication, and cross-functional collaboration skills.