DevSecOps Engineer

Responsibilities:

• Collaborate with development, operations, and security teams to integrate security best practices into our DevOps processes and workflows.
• Implement and automate security controls and compliance checks throughout the development and deployment lifecycle.
• Design and implement secure CI/CD pipelines for building, testing, and deploying software, incorporating security testing tools such as SAST, DAST, and IAST.
• Implement and manage infrastructure as code (IaC) using tools such as Terraform, CloudFormation, or Ansible, ensuring security best practices are followed.
• Automate security scanning and vulnerability management processes for applications, containers, and cloud resources.
• Implement and manage security monitoring, logging, and alerting systems to detect and respond to security incidents.
• Conduct security assessments and penetration testing of applications, infrastructure, and cloud environments.
• Ensure compliance with industry standards and regulations such as GDPR, HIPAA, PCI-DSS, and SOC 2.
• Provide guidance and support to development and operations teams on secure coding practices, security tools, and security best practices.
• Stay up-to-date with emerging security threats, vulnerabilities, and best practices, and implement appropriate measures to mitigate risks.

Qualifications:

• Bachelor's or Master's degree in Computer Science, Software Engineering, Information Security, or a related field.
• Proven experience as a DevSecOps Engineer or similar role, with a strong background in software development, operations, and security.
• Proficiency in scripting and programming languages such as Python, Bash, or Go.
• Experience with cloud platforms such as AWS, Azure, or Google Cloud Platform, including hands-on experience with security services and controls.
• Experience with CI/CD tools such as Jenkins, GitLab CI/CD, or CircleCI, and version control systems such as Git.
• Experience with infrastructure as code (IaC) tools such as Terraform, CloudFormation, or Ansible, and containerization technologies such as Docker and Kubernetes.
• Strong understanding of security principles, standards, and best practices, including OWASP Top 10, CIS Benchmarks, and NIST Cybersecurity Framework.
• Experience with security testing tools such as static analysis (SAST), dynamic analysis (DAST), and interactive analysis (IAST) tools.
• Experience with security monitoring and logging tools such as SIEM, IDS/IPS, and security information and event management (SIEM) systems.
• Excellent problem-solving skills and the ability to troubleshoot complex technical issues.
• Strong communication and collaboration skills, with the ability to work effectively in a cross-functional team environment.