Job
Description
Role Description We are seeking a Senior SecDevOps Analyst to lead the integration of security into our DevOps practices and infrastructure. This role is suited for an experienced security professional who can navigate complex, hybrid environments and proactively secure large-scale, customer-facing platforms. You will be instrumental in designing secure systems, embedding security into CI/CD pipelines, and supporting risk and compliance initiatives while collaborating closely with DevOps, product, and IT teams. Key Responsibilities Security Architecture & Engineering Design and implement secure infrastructure solutions across cloud and on-premise environments. Define, enforce, and promote security standards for Infrastructure as Code (IaC), containers, and microservices. Collaborate with architects and engineering teams to ensure secure application design and deployment. DevSecOps Enablement Integrate security tools (SAST, DAST, SCA) into CI/CD pipelines. Automate security scanning and compliance checks using tools such as Snyk, Checkov, or Prisma Cloud. Drive adoption of DevSecOps practices through training, documentation, and hands-on guidance. Cloud & Container Security Secure cloud-native environments (AWS, Azure, GCP) focusing on identity, access, and data protection. Implement and monitor security for Kubernetes clusters, Docker containers, and serverless applications. Monitoring, Detection & Response Develop and maintain security monitoring and incident response procedures. Collaborate with SOC and IT teams to investigate, remediate, and document security incidents. Conduct root cause analysis and post-incident reviews to enhance system resilience. Compliance & Governance Support regulatory compliance (PCI-DSS, GDPR, ISO 27001) and internal audit initiatives. Maintain up-to-date documentation for security controls, risk assessments, and policies. Participate in vendor risk assessments and third-party security evaluations. Collaboration & Leadership Act as a security advisor to DevOps, product, and infrastructure teams. Mentor junior analysts and promote security best practices. Stay informed on evolving threats, technologies, and security frameworks. Required Qualifications 8+ years of experience in security engineering, DevOps, or SecDevOps. In-depth knowledge of cloud security (AWS preferred), system hardening, and network security. Hands-on experience with Python, Bash, PowerShell for scripting and automation. Proficient in CI/CD tools (GitHub Actions, GitLab CI, Jenkins) and IaC platforms (Terraform, CloudFormation). Strong expertise in container security (Docker, Kubernetes) and orchestration tools. Familiarity with enterprise security tools (SIEM, EDR, vulnerability management). Sound knowledge of frameworks like NIST, CIS, ISO 27001, and compliance standards (PCI-DSS, GDPR). Preferred Qualifications Industry-recognized certifications (e.g., CISSP, CKS, AWS Security Specialty, OSCP). Experience in large-scale retail or e-commerce environments. Understanding of secure payment systems, fraud prevention, and data privacy. Familiarity with Zero Trust Architecture and identity-centric security models. Skills Information Security,Security Monitoring,Infrastructure Security Show more Show less
