We are seeking a skilled DevSecOps Engineer with strong expertise in Checkmarx, CI/CD pipeline security, and application security practices. The ideal candidate will be responsible for integrating security into the software development lifecycle, automating security controls, identifying vulnerabilities, and collaborating with development teams to ensure secure application delivery.
Key Responsibilities
- Integrate, configure, and manage Checkmarx SAST/SCA scans within CI/CD pipelines.
- Perform application security assessments and identify security vulnerabilities across development environments.
- Analyze, prioritize, and track security findings through remediation.
- Collaborate with development teams to resolve application security issues and promote secure coding practices.
- Design, build, and maintain CI/CD pipelines using Azure DevOps, GitHub Actions, or Jenkins.
- Implement automated security controls, compliance validations, and deployment processes.
- Support and secure cloud-based environments across AWS, Azure, or GCP.
- Drive DevSecOps initiatives and advocate security best practices throughout the SDLC.
- Monitor security scan results and optimize security tooling for improved efficiency and accuracy.
Required Skills & Experience
- 3+ years of experience in DevOps or DevSecOps engineering.
- Hands-on experience with Checkmarx (SAST and/or SCA).
- Strong experience integrating security tools within CI/CD pipelines.
- Experience with Azure DevOps, GitHub Actions, or Jenkins.
- Solid understanding of OWASP Top 10, secure coding practices, and application security concepts.
- Experience working with AWS, Azure, or GCP environments.
- Proficiency in scripting and automation using PowerShell, Bash, or Python.
- Experience with vulnerability management and remediation workflows.
Preferred Skills
- Experience with Docker and Kubernetes.
- Hands-on exposure to security tools such as SonarQube, Veracode, Snyk, or Fortify.
- Knowledge of Infrastructure as Code (Terraform, CloudFormation).
- Familiarity with compliance and security frameworks.
- Experience implementing security gates and policy enforcement within CI/CD pipelines.
Preferred Candidate Profile
- Strong problem-solving and analytical skills.
- Ability to work collaboratively with development, operations, and security teams.
- Experience in enterprise-scale DevSecOps environments.
- Passion for automation, security, and continuous improvement.
Skill Matrix
Primary Skills: Checkmarx, DevSecOps, Application Security, SAST, SCA, CI/CD, Azure DevOps, Jenkins, GitHub Actions
Secondary Skills: AWS, Azure, GCP, Python, Bash, PowerShell, Docker, Kubernetes
Nice to Have: Terraform, CloudFormation, SonarQube, Veracode, Snyk, Fortify
