DevSecOps Engineer - CI/CD Pipeline (4-6 yrs)

1. DevOps & Infrastructure :

- CI/CD Pipeline Tools: Jenkins, GitLab CI, CircleCI, TravisCI, AWS CodePipeline.

- Containerization and Orchestration: Docker, Kubernetes, OpenShift.

- Infrastructure as Code (IaC): Terraform, AWS CloudFormation, Ansible, Chef, Puppet.

- Cloud Platforms: AWS, Azure, Google Cloud, with a focus on security services (AWS IAM, Azure Security Center, etc.).

2. Security Automation :

Security Tools:

- SAST (Static Application Security Testing): SonarQube, Checkmarx, Veracode.

- DAST (Dynamic Application Security Testing): OWASP ZAP, Burp Suite.

- Container Security: Aqua Security, Twistlock, Clair, Falco.

- Scripting: Writing custom scripts to automate security tests, audits, and monitoring.

4. Cloud Security & Compliance :

- Cloud Security: Identity and Access Management (IAM), AWS KMS, encryption techniques, VPC security.

- Security Monitoring & Auditing: AWS CloudWatch, CloudTrail, Azure Sentinel, ELK Stack (Elasticsearch, Logstash, Kibana), Splunk.

5. Threat Detection & Mitigation :

- Intrusion Detection/Prevention: Snort, Suricata, WAF (Web Application Firewall).

- Incident Response: Building response protocols and automating responses with tools like AWS Lambda, serverless frameworks.

6. Version Control & Collaboration :

- Version Control: Git, GitHub, Bitbucket.