Senior DevSecOps Consultant

5 - 6 years

3 - 8 Lacs

Posted: 1 day ago | Platform: GlassDoor

Work Mode

On-site

Job Type

Full Time

Job Description

Job Overview

We are seeking an experienced and highly skilled Senior DevSecOps Consultant to join our cybersecurity consulting team in Jaipur, Rajasthan. The Senior DevSecOps Consultant will be responsible for integrating security practices into the software development lifecycle (SDLC), designing secure CI/CD pipelines, automating security testing, and advising enterprise clients on secure development and operational practices. This role requires deep expertise in DevOps methodologies, security automation tools, cloud infrastructure security, and the ability to work closely with development, operations, and security teams to embed security throughout the application delivery pipeline. The ideal candidate will have proven experience implementing DevSecOps practices for multinational clients and driving security transformation initiatives.

Key Responsibilities

  • Secure CI/CD Pipeline Design: Architect, design, and implement secure CI/CD pipelines integrating security checkpoints at every stage including code commit, build, test, deployment, and monitoring phases using tools like Jenkins, GitLab CI/CD, Azure DevOps, or GitHub Actions.
  • Security Automation: Automate security testing processes including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), container scanning, and Infrastructure as Code (IaC) security validation throughout the development pipeline.
  • Security Tool Integration: Integrate and configure security tools such as SonarQube, Snyk, Checkmarx, Veracode, OWASP ZAP, Aqua Security, Trivy, HashiCorp Vault, and vulnerability management platforms into automated workflows.
  • Container and Kubernetes Security: Implement security controls for containerized environments including Docker image scanning, Kubernetes security policies, pod security standards, runtime protection, secrets management, and orchestration security.
  • Cloud Security Implementation: Design and implement security controls for cloud platforms (AWS, Azure, GCP) including IAM policies, security groups, network segmentation, encryption, compliance monitoring, and cloud-native security services.
  • Infrastructure as Code (IaC) Security: Develop and review secure infrastructure code using Terraform, CloudFormation, or Ansible, implement policy-as-code using tools like Open Policy Agent (OPA) or Checkov, and ensure infrastructure compliance.
  • Vulnerability Management: Establish and manage vulnerability management programs including automated scanning, vulnerability prioritization, remediation tracking, SLA management, and integration with ticketing systems.
  • Security Code Review: Conduct security-focused code reviews, identify security anti-patterns, provide secure coding guidance to development teams, and implement automated code quality and security gates.
  • Client Consulting and Advisory: Engage directly with enterprise and multinational clients to assess current DevSecOps maturity, design security transformation roadmaps, provide strategic recommendations, and guide implementation of security best practices.
  • Compliance and Governance: Ensure DevSecOps practices align with regulatory requirements and industry standards including ISO 27001, SOC 2, PCI DSS, HIPAA, GDPR, and implement compliance-as-code frameworks.
  • Threat Modeling and Risk Assessment: Conduct application threat modeling, identify security risks in architecture and design phases, perform risk assessments, and recommend security controls to mitigate identified threats.
  • Security Training and Enablement: Develop and deliver training programs for development and operations teams on secure coding practices, security tool usage, threat awareness, and DevSecOps methodologies.
  • Incident Response Integration: Integrate security monitoring, logging, and alerting into DevOps workflows, implement SIEM integration, establish incident response playbooks, and support security incident investigations.
  • Metrics and Reporting: Define and track DevSecOps metrics including mean time to remediate (MTTR), vulnerability density, security test coverage, and compliance status, and provide regular reporting to stakeholders and clients.

Qualifications

Experience

5–6 years of hands-on experience in DevSecOps, application security, security engineering, or DevOps, with a proven track record of implementing secure CI/CD pipelines and security automation for enterprise clients across multiple industries.

Certifications

Required:

  • Certified DevSecOps Professional (CDP) – Practical DevSecOps
  • AWS Certified Security - Specialty or Azure Security Engineer Associate (AZ-500) or Google Cloud Professional Cloud Security Engineer

Preferred:

  • Certified Kubernetes Security Specialist (CKS)
  • AWS Certified DevOps Engineer - Professional or Microsoft Certified: DevOps Engineer Expert
  • GIAC Cloud Security Automation (GCSA)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (CEH)
  • HashiCorp Certified: Terraform Associate
  • Docker Certified Associate

Technical Skills

  • Strong expertise in CI/CD platforms including Jenkins, GitLab CI/CD, GitHub Actions, Azure DevOps, CircleCI, or Travis CI with experience building complex automated pipelines
  • Advanced knowledge of containerization and orchestration using Docker and Kubernetes including security configurations, network policies, and runtime security
  • Hands-on experience with security testing tools including SAST (SonarQube, Checkmarx, Fortify), DAST (OWASP ZAP, Burp Suite), and SCA (Snyk, WhiteSource, Black Duck)
  • Proficiency in Infrastructure as Code tools such as Terraform, AWS CloudFormation, Azure ARM Templates, or Pulumi with security best practices
  • Strong scripting and programming skills in Python, Bash, PowerShell, or Go for automation and custom tool development
  • Deep understanding of cloud security for AWS, Azure, or GCP including IAM, KMS, security groups, VPC configuration, and cloud-native security services
  • Experience with secrets management solutions such as HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, or CyberArk
  • Knowledge of container security tools including Aqua Security, Twistlock/Prisma Cloud, Trivy, Clair, or Anchore for image scanning and runtime protection
  • Expertise in configuration management and automation tools like Ansible, Puppet, Chef, or SaltStack
  • Strong understanding of application security including OWASP Top 10, secure coding practices, authentication/authorization mechanisms, and API security
  • Experience with version control systems (Git, GitHub, GitLab, Bitbucket) and branching strategies for secure code management
  • Proficiency in monitoring and logging tools such as Prometheus, Grafana, ELK Stack, Splunk, or cloud-native monitoring solutions
  • Knowledge of policy-as-code and compliance automation using Open Policy Agent (OPA), Checkov, or Sentinel
  • Understanding of Linux/Unix system administration and security hardening practices

Education

Bachelor's degree in Computer Science, Information Security, Cybersecurity, Information Technology, Software Engineering, or related technical field (or equivalent professional experience with relevant certifications).

Soft Skills

  • Excellent consulting and advisory skills with the ability to assess client environments and provide strategic security recommendations
  • Strong communication skills to articulate complex security concepts to technical and non-technical audiences including developers, operations teams, and executives
  • Proven leadership abilities to guide cross-functional teams and drive security culture transformation within organizations
  • Analytical and problem-solving mindset to identify security gaps, design effective solutions, and troubleshoot complex technical challenges
  • Collaborative approach to work effectively with development, operations, security, and business stakeholders
  • Strong project management skills to handle multiple client engagements simultaneously and deliver within timelines
  • Ability to mentor junior team members and conduct effective training sessions

Additional Requirements

  • Solid understanding of Agile and DevOps methodologies including CI/CD practices, continuous monitoring, and iterative development
  • Experience working with multinational clients and understanding of global security standards and compliance requirements
  • Knowledge of secure software development lifecycle (SSDLC) frameworks and methodologies
  • Familiarity with threat modeling methodologies such as STRIDE, PASTA, or OCTAVE
  • Understanding of microservices architecture, API security, and serverless security considerations
  • Experience with penetration testing, vulnerability assessment, or ethical hacking is a plus
  • Commitment to continuous learning and staying current with emerging DevSecOps tools, techniques, and the threat landscape
  • Willingness to travel occasionally to client sites for assessments, implementations, and workshops
  • Ability to work in a fast-paced consulting environment with changing priorities and tight deadlines

Resume Information

How to Apply

To apply for this position, email your resume to job2026@thefourthcommand.com

Subject Line Format: FC_DEVSECOPS_[YOUR FULL NAME]_RESUME

Resume Requirements

Your resume must include the following information:

  • Last Company Details: Name of your most recent employer, duration of employment (in years/months), job title, and comprehensive description of DevSecOps responsibilities and projects delivered
  • DevSecOps Tools and Platforms: Detailed list of tools and technologies you have hands-on experience with, categorized as:
      • CI/CD tools (Jenkins, GitLab CI/CD, GitHub Actions, Azure DevOps, etc.)
      • Security testing tools (SAST, DAST, SCA tools - SonarQube, Snyk, Checkmarx, OWASP ZAP, etc.)
      • Container and orchestration platforms (Docker, Kubernetes, OpenShift, etc.)
      • Container security tools (Aqua, Trivy, Clair, Anchore, etc.)
      • Cloud platforms (AWS, Azure, GCP) and security services
      • IaC tools (Terraform, CloudFormation, Ansible, etc.)
      • Secrets management (Vault, AWS Secrets Manager, etc.)
      • Monitoring and logging tools (Prometheus, Grafana, ELK, Splunk, etc.)
  • Programming and Scripting Languages: Languages you are proficient in (Python, Bash, PowerShell, Go, Ruby, etc.) with examples of automation scripts or tools developed
  • Client and Project Experience: Details of enterprise or multinational clients you have worked with including:
      • Industry sectors (Banking, Healthcare, E-commerce, Technology, etc.)
      • Type of DevSecOps engagements (pipeline security, security automation, cloud security, consulting)
      • Project scope and complexity
      • Key achievements and security improvements delivered
  • Pipeline Projects: Specific examples of CI/CD pipelines you have designed and implemented including:
      • Pipeline architecture and tools used
      • Security controls integrated
      • Automation achievements
      • Performance and security outcomes
  • Certifications: Complete list of DevSecOps, cloud, security, and DevOps certifications including:
      • Certification name
      • Issuing organization
      • Year obtained and validity status
      • Certification ID or badge (if applicable)
  • Cloud Security Experience: Specific cloud platforms you have secured (AWS/Azure/GCP) with details of security implementations, services configured, and compliance achieved
  • Methodologies and Frameworks: Familiarity with DevSecOps frameworks, SSDLC methodologies, compliance standards (ISO 27001, SOC 2, PCI DSS, HIPAA), and threat modeling approaches
  • Educational Background: Degree details including specialization, institution, and year of completion
  • Leadership and Training: Experience leading teams, conducting training sessions, or mentoring team members in DevSecOps practices
  • Passport Size Photograph: A recent passport size photograph must be included on your resume (mandatory requirement)

Incomplete applications or resumes missing any of the above requirements will not be considered for evaluation.

Job Type: Full-time

Pay: ₹300,000.00 - ₹800,000.00 per year

Work Location: In person
