Job
Description
A Snapshot of Your Day Each day, you ll collaborate with product management and development teams to define, prioritize, and deliver high-impact features that keep our cloud infrastructure and applications resilient. You ll design and automate CI/CD pipelines, implement robust security controls, and respond to security incidents ensuring our systems are always ahead. Your expertise will directly support Siemens Gamesa s mission for clean, reliable energy, all within a culture that values your ideas, empowers your growth, and celebrates your commitment to excellence. How You ll Make an Impact Create, develop, and implement solutions to address infrastructure and security requirements. Identify the needs for build automation, designing, and implementing CICD solutions. Create, develop, and implement automation and system integration for various build platforms. Build or maintain CICD building blocks and shared libraries proactively for app and development teams to enable quicker build and deployment. Design action plans to address CICD platform/tools/solutions shortcomings and difficulties. Trouble shoot, identify, and fix problems in the DevSecOps domain. Secure Infrastructure: Design, implement, and maintain secure infrastructure and environments, including FedRAMP-compliant environments, consisting of applications, containers, virtual machines, and cloud infrastructure. Vulnerability Management: Collaborate with teams to remediate and mitigate identified vulnerabilities, work with the security team to assess vulnerabilities, and identify potential security risks and weaknesses in the system. Security Automation: Develop and maintain security automation tools and scripts to streamline security processes and patch management, ensuring consistent application of security controls across deployment pipelines and infrastructure. Incident Response: Respond to security incidents promptly, perform root cause analysis, and implement measures to prevent future occurrences. Security Audits and Compliance: Assist in security audits and compliance assessments to ensure alignment to industry standards and regulations, collaborating with internal and external auditors to address any security-related findings. Collaboration and Documentation: Work closely with developers and security teams to identify security requirements and implement appropriate solutions, maintaining clear and comprehensive documentation of security practices, standards, and guidelines. What You Bring You have 8-10 years of proven experience as a Data Security Engineer, with a strong background in DevSecOps and cloud technologies. You are proficient in programming and scripting languages such as Python, C#, and PowerShell. You understand secure coding practices, common vulnerabilities (OWASP Top 10), and security frameworks (ISO 27001, NIST, PCI DSS). You have hands-on experience with security tools, vulnerability management, and cloud platforms (AWS, Azure, Google Cloud). You are skilled in containerization (Docker, Kubernetes) and infrastructure-as-code tools (Terraform, CloudFormation). You bring experience with security automation, incident response, and compliance audits. Exposure to tools like SonarQube, Coverity, Dependency Track, Trivy, or ZAP is a plus
