
ServCrust

DevSecOps Engineer

  • Posted 16 hours ago

Job Description


We are seeking a technically sound and security-focused DevSecOps Engineer to enhance and operationalize security across our DevOps pipelines and cloud infrastructure. This role acts as the bridge between security and engineering teams, ensuring that security controls are seamlessly embedded across the software development lifecycle (SDLC), CI/CD processes, and cloud-native deployments. The Engineer will be responsible for executing daily tasks, integrating security tools, responding to pipeline-related security events, and supporting remediation efforts in collaboration with developers and cloud teams.

Key Responsibilities

Secure DevOps Operations & Control Validation

  • Monitor CI/CD pipelines (e.g., AWS Code Libraries) for policy violations, secrets leakage, or insecure configurations
  • Analyze scan results from SAST/DAST/IAST tools (e.g., SonarQube, Checkmarx, ZAP, OWASP Dependency-Check) and prioritize remediation with developers
  • Review container security reports and assist in vulnerability triage, including base image hardening recommendations
  • Conduct IaC security reviews (Terraform, CloudFormation) to identify pre-deployment misconfigurations
  • Maintain security guardrails in pipeline configurations (e.g., enforce code signing, static analysis stages)
  • Monitor security dashboards and logs for abnormal behaviour in deployed environments
  • Support real-time responses to security findings within CI/CD environments or cloud workloads

Security Automation, Policy-as-Code & Dev Collaboration

  • Implement and maintain automated security controls in CI/CD pipelines and maintain a JIRA board for all vulnerabilities reported throughout the product lifecycle.
  • Write custom automation scripts to enforce preventive security measures and reduce manual errors
  • Collaborate with development and platform teams to guide secure coding, library hygiene, and deployment practices
  • Participate in threat modelling, security architecture reviews, and secure design sessions for new services
  • Document pipeline security procedures, tool configurations, and developer guidance playbooks
  • Assist in evaluating new security tools, perform POCs, and integrate selected solutions into the SDLC

Weekly and Monthly Contribution

  • Review critical vulnerabilities in deployed apps and ensure remediation SLAs are tracked
  • Perform pipeline audits for bypasses, insecure stages, and outdated controls
  • Review source code repository settings (branch protections, token scopes, etc.)
  • Participate in developer workshops to drive secure coding awareness
  • Update DevSecOps metrics and dashboards in JIRA
  • Contribute to post-mortem reviews of release-related security incidents

Required Qualifications

  • 24 years of experience in AppSec, DevSecOps, or security engineering roles
  • Solid understanding of CI/CD pipeline workflows and security tools
  • Hands-on experience in scripting/automation (e.g., Python, Bash, Groovy, YAML-based pipeline definitions)
  • Experience with cloud-native deployments
  • Familiarity with vulnerability management, secure code practices, and SDLC best practices
  • Understanding of OWASP Top 10, SANS CWE 25, and container security standards

Soft Skills & Traits

  • Detail-oriented with a proactive mindset toward prevention
  • Ability to work cross-functionally with engineering, QA, and operations
  • Excellent communication and documentation skills
  • Strong troubleshooting capability in fast-paced CI/CD environments
  • Curiosity-driven with a desire to automate and improve


Job ID: 136590469
