DevSecOps Engineer

L&T Technology Services

Pune, India

7-10 Years

Save

Posted 4 hours ago
Be among the first 10 applicants

Early Applicant

Job Description

Experience - 7-10 Years

Core Technologies and Skills

AWS Security Tools:

GuardDuty, Security Hub, IAM, KMS, CloudTrail, Config, Macie, Inspector.

External Security Solutions:

Experience with tools such as CrowdStrike, Palo Alto, Qualys, Tenable, Splunk, or similar.

GRC Platforms:

Familiarity with GRC tools (e.g., ServiceNow GRC, Archer, OneTrust) and processes.

Infrastructure as Code:

Terraform, CloudFormation for automating security controls and compliance.

CI/CD Security:

Integrating security checks and controls into CI/CD pipelines (Bitbucket, Jenkins, GitHub Actions).

Scripting:

Proficiency in Python and Shell scripting for automation and security tasks.

Vulnerability Management:

Conducting vulnerability scans, penetration testing, and remediation.

Regulatory Knowledge:

Understanding of SOC2, NIST, ISO27001, GDPR, and other relevant regulations.

Monitoring & Logging:

Experience with security monitoring, SIEM solutions, and log management.

Incident Response:

Hands-on experience in security incident detection, response, and reporting.

Core Competencies

Security-First Mindset

Collaboration/Teamwork

Regulatory & Compliance Awareness

Key Responsibilities

Cloud Security Operations:

Implement, manage, and monitor security controls for AWS cloud environments and connected products, ensuring the confidentiality, integrity, and availability of systems and data.

Security Tooling:

Deploy and operate AWS native security tools (e.g., GuardDuty, Security Hub, IAM, KMS, CloudTrail, Config) and integrate external solutions (e.g., CrowdStrike, Palo Alto, Qualys, Tenable, Splunk) for comprehensive security coverage.

Compliance Readiness:

Lead and support initiatives to prepare the organization for SOC2, NIST, ISO27001, and other regulatory audits. Develop and maintain documentation, evidence, and processes required for certification.

Governance, Risk, and Compliance (GRC):

Implement and manage GRC processes, including risk assessments, policy development, control mapping, and remediation tracking for cloud environments.

Security Automation:

Develop and maintain automated security controls and monitoring using infrastructure-as-code (Terraform, CloudFormation), CI/CD pipelines, and scripting (Python, Shell).

Incident Response:

Participate in security incident detection, response, and investigation. Coordinate with internal teams to ensure timely resolution and root cause analysis.

Vulnerability Management:

Conduct regular vulnerability assessments, penetration testing, and remediation activities for cloud infrastructure and applications.

Security Awareness & Training:

Collaborate with teams to promote security best practices, deliver training, and foster a culture of security across the organization.

Documentation & Reporting:

Maintain accurate documentation of security architecture, controls, incidents, and compliance activities. Prepare regular reports for stakeholders and leadership.

SKILLS AND EXPERTISE

Cloud Security Operations, Security Tooling, Compliance Readiness, Givernance, Risk and Compliance, Security Automation, Incident Response, Vulnerability Management