IppoPay Technologies - DevSecOps Engineer - Security Protocols (5-7 yrs)

Job Overview :

We are seeking a skilled and motivated DevSecOps Engineer to join our team.

The ideal candidate will play a critical role in integrating security into every phase of the software development lifecycle (SDLC).

You will collaborate with development, operations, and security teams to ensure secure coding practices, infrastructure security, and automation of security processes.

This position requires a solid understanding of security protocols, automation, and cloud environments.

Key Responsibilities :

- Implement, manage, and enhance DevSecOps processes, including integrating security practices into CI/CD pipelines.

- Perform vulnerability assessments and security audits of software and infrastructure.

- Collaborate with software engineers and DevOps teams to ensure secure coding practices.

- Develop, configure, and manage automated security tools, such as static/dynamic code analysis tools, intrusion detection/prevention systems, and SIEM.

- Design and implement security controls to protect applications, data, and infrastructure.

- Monitor security incidents, respond to threats, and ensure timely remediation.

- Automate security processes such as patch management, incident response, and compliance checks.

- Ensure compliance with security standards, including SOC 2, ISO 27001, PCI DSS, and others.

- Conduct regular security training and awareness sessions for development and operations teams.

- Collaborate with third-party security teams for audits, assessments, and external reviews.

Key Skills and Requirements :

- Bachelor's degree in Computer Science, Information Security, or a related field.

- 5+ years of experience in DevSecOps, security engineering, or related roles.

- Strong knowledge of CI/CD pipelines and tools like Jenkins etc.

- Experience with cloud security on platforms like AWS, Azure, or GCP.

- Familiarity with security testing tools (e., OWASP ZAP, Burp Suite, Nessus, etc.

- Experience with containerization and orchestration tools such as Docker, Kubernetes, etc

- Knowledge of infrastructure-as-code (IaC) tools like Terraform, Ansible, etc.

- Solid understanding of security protocols, cryptography, and secure software development.

- Proficient in scripting languages (Python, Bash, etc) for automation.

- Strong understanding of network security, firewalls, and VPNs.

- Experience with logging and monitoring tools such as ELK, Splunk, or Prometheus.

- Excellent communication skills and ability to work collaboratively in cross-functional teams.

Preferred Qualifications :

- Certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or AWS Certified Security - Specialty.

- Familiarity with regulatory standards (SOC 2 etc