DevSecOps Engineer

As a DevSecOps Engineer, you will play a critical role in ensuring the security and efficiency of our software development processes. You will work closely with development, operations, and security teams to integrate security practices into the DevOps pipeline. Your primary responsibility will be to automate security checks and ensure compliance with security standards and regulations.

Key Responsibilities:

1. Security Integration:
   • Embed security protocols and checks into the CI/CD pipeline.
   • Collaborate with development teams to identify and mitigate security vulnerabilities early in the software development lifecycle.
2. Automation and Tools:
   • Develop and maintain automated security testing tools.
   • Implement security testing tools, such as static analysis, dynamic analysis, and vulnerability scanning.
3. Monitoring and Incident Response:
   • Set up security monitoring and alerting for production environments.
   • Respond to security incidents, perform root cause analysis, and implement remediation strategies.
4. Compliance and Risk Management:
   • Ensure compliance with industry standards, such as ISO 27001, NIST, and GDPR.
   • Conduct regular security audits and risk assessments.
5. Collaboration and Training:
   • Work with cross-functional teams to improve security awareness and best practices.
   • Train developers on secure coding practices and the use of security tools.
6. Documentation and Reporting:
   • Maintain detailed documentation of security processes, incidents, and resolutions.
   • Provide regular reports on the state of security across the development lifecycle.

Qualifications:

• Education: Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
• Experience:
  • 3+ years of experience in DevSecOps, DevOps, or a similar role.
  • Experience with security tools such as SAST, DAST, vulnerability scanners, and security monitoring.
  • Proficiency in scripting and automation (e.g., Python, Bash).
• Knowledge:
  • Strong understanding of cloud security, network security, and application security.
  • Familiarity with compliance frameworks and regulations.
• Skills:
  • Strong problem-solving skills and attention to detail.
  • Excellent communication and collaboration abilities.
  • Ability to work in a fast-paced, dynamic environment.

Preferred Qualifications:

• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or AWS Certified Security – Specialty.
• Experience with container security and orchestration tools like Kubernetes and Docker.
• Knowledge of Infrastructure as Code (IaC) tools like Terraform, Ansible, or CloudFormation.