DevSecOps Engineer - Security Automation (4-8 yrs)

Job Title: DevSecOps Engineer.

Location: Bangalore.

Experience: 4-8 Years.

Job Description.

We are seeking a talented and detail-oriented DevSecOps Engineer to join our dynamic team. As a DevSecOps Engineer, you will play a key role in integrating security practices within the development and operations lifecycle. You will work closely with developers, IT operations, and security teams to ensure that security is embedded into the entire development pipeline, from code development to deployment.

Your expertise will help to automate security processes, improve overall system security, and ensure compliance with security standards and regulations.

Key Responsibilities :

- Implement and maintain security in the DevOps pipeline, ensuring that security is integrated into every phase of the CI/CD lifecycle.

- Automate and manage security tools and processes to detect vulnerabilities, misconfigurations, and potential threats in both infrastructure and applications.

- Collaborate with development, operations, and security teams to establish best practices for secure coding, security testing, and vulnerability management.

- Monitor and respond to security alerts, vulnerabilities, and incidents, ensuring timely resolution and continuous improvement of security measures.

- Conduct threat modeling, security assessments, and risk analysis to identify potential security gaps and implement corrective actions.

- Work with cloud platforms (i.e., AWS, Azure, Google Cloud) to ensure the security of cloud infrastructure and services.

- Implement automated security testing tools (i.e., static code analysis, dynamic analysis, software composition analysis) into the build and deployment pipelines.

- Ensure compliance with regulatory standards and frameworks (i.e, GDPR, HIPAA, PCI-DSS) by integrating appropriate security controls and processes.

Required Skills And Qualifications :

- Proven experience as a DevSecOps Engineer, Security Engineer, or similar role with a strong focus on security automation and DevOps practices.

- In-depth knowledge of DevOps tools such as Jenkins, GitLab CI/CD, Docker, Kubernetes, Terraform, and related technologies.

- Strong experience with cloud security and securing cloud environments (i.e., AWS, Azure, Google Cloud).

- Familiarity with security tools such as Snyk, OWASP ZAP, SonarQube, Fortify, or similar vulnerability scanning tools.

- Proficiency in scripting languages (i.e., Python, Shell scripting, Bash, PowerShell) for automating security-related tasks.

- Experience with infrastructure as code (IaC) tools like Terraform or CloudFormation.

- Understanding of network security, including firewalls, load balancers, VPNs, and encryption methods.

- Knowledge of container security and securing containerized applications using tools like Kubernetes, Docker, Aqua Security, or Sysdig.

- Familiarity with security compliance frameworks and regulations such as PCI-DSS, HIPAA, SOC 2, ISO 27001, GDPR, etc.