Devsecops Engineer

Role & responsibilities

• SecOps Standards: Develop and update application security standards, secure coding principles, and threat modelling processes.
• Application Security Support: Provide application security support to development teams, including reviewing and explaining application security tools and processes, providing vulnerability explanations and remediation guidance.
• Vulnerability Assessment: Leverage automated tools and manual testing methods to identify vulnerabilities in codebase and engage in Static and Dynamic application security testing and engage in security automation efforts and process improvements.
• Penetration Testing: Exposure to web application and APIs application penetration tests. And conduct network and cloud penetration tests to identify security weaknesses.
• Security Monitoring & Incident Response: Deploy and manage security tools, detect threats, prevent sensitive data leaks and address incidents.
• Infrastructure & Cloud Security: Safeguard infrastructure on AWS, GCP, or Azure, focusing on encryption, IAM, and network security.
• \Security Automation: Integrate security into CI/CD pipelines and automate compliance checks.
• Compliance & Governance: Ensure adherence to security regulations (e.g., GDPR, SOC 2, ISO 27001).
• Threat Intelligence: Stay updated on emerging threats and apply security best practices.

Preferred candidate profile

Experience: Minimum of 3-5 years in DevSecOps or security engineering, with a focus on cloud security.

• Proficiency in DevSecOps operations and Application Security.
• Familiarity with secure by design and “shift left” security principles. o Strong knowledge of software security risks and threats (OWASP top 10)
• Secure Software Development Lifecycle (SDLC) knowledge. o Experience with application security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
• Strong scripting skills (Python, Bash) for security automation.
• Proficient with cloud-native and containerized platforms with proven experience on Kubernetes (EKS), Jenkins, Docker, Terraform, etc.
• Excellent communication skills for cross-functional collaboration.

Perks and benefits