DevSecOps Engineer - Security Operations Center (4-6 yrs)

Role : DevSecOps Engineer.

Location : Remote, India.

Type Permanent

Job Description :

- As our Senior DevSecOps Engineer, you will take ownership of our GCP-based infrastructure and spearhead the adoption of infrastructure-as-code practices.

- You'll be responsible for automating our SaaS platform, enhancing security across all systems, and preparing us for SOC 2 certification.

- Additionally, you will manage basic endpoint security for developer laptops, ensuring best practices are in place.

- This role requires both a deep technical skillset and a proactive approach to security and compliance.

Key Responsibilities:

Platform Infrastructure & Automation.

- Infrastructure-as-Code: Plan and implement IaC solutions (e.g , Terraform) to automate provisioning and management of cloud resources on GCP.

- SaaS Automation: Develop tools and processes for SaaS-related configurations and automations and other (e.g subdomains management).

- CI/CD Integration: Collaborate with the team to optimize and enhance our existing CI/CD pipeline (GitHub Actions).

Security & Compliance :

- SOC 2 Preparation :

- Work toward implementing policies, procedures, and controls aligned with SOC 2 requirements; assist with audits and evidence collection.

GDPR Alignment :

- Ensure systems and processes adhere to GDPR data protection principles.

Cloud Security :

- Improve existing identity and access management, secrets management, and monitoring solutions within GCP to detect and respond to threats in real time.

Endpoint & Corporate Security :

Device Management : Oversee security measures for developer laptops (e.g , encryption, patching, endpoint protection).

Policy Enforcement :

- Develop and maintain security policies, standards, and guidelines for all team members.

Collaboration & Process :

- Cross-functional Collaboration : Work closely with the engineering team of six to ensure seamless integration of security practices throughout the development lifecycle.

- Incident Response (Nice-to-Have) : Participate in or establish an on-call rotation for incident response and quick remediation.

- Documentation & Training : Create clear documentation and provide internal training on best practices in DevSecOps, cloud security, and compliance.

Requirements :

Technical Skills :

- Proven experience in a DevOps/DevSecOps role with a focus on GCP.

- Interest and capability in adopting infrastructure-as-code (e.g , Terraform) where none currently exists.

- Strong knowledge of CI/CD pipelines-experience with GitHub Actions is a plus.

- Proficiency in scripting (e.g , Bash, Python) and automation tools.

- Familiarity with security best practices in cloud environments, including identity management, secrets management, and vulnerability scanning.

Soft Skills :

- Excellent communication skills with a commitment to honesty and transparency.

- Ability to take ownership of tasks and drive them to completion with minimal supervision.

- Comfortable in a fast-paced startup environment, adaptable to changing priorities.

Nice-to-Have :

- Experience with SOC 2 or other compliance frameworks (ISO 27001).

- Hands-on involvement with multi-tenant SaaS architecture and PaaS automation.

- Some familiarity with other cloud providers (Azure, AWS) for future expansion.

- Prior experience in endpoint management (Mac, Windows, Linux).

- Willingness to participate in an on-call rotation.