Role Summary
As a Lead DevSecOps Engineer, you will be responsible for embedding security practices within our DevOps processes. You'll work closely with development, operations, and security teams to ensure that security is built into our CI/CD pipelines, infrastructure, and applications from the ground up.
Key Responsibilities
- Integrate security tools and practices into CI/CD pipelines.
- Automate security scans (SAST, DAST, SCA, container security etc.).
- Conduct threat modelling and security assessments on infrastructure and applications.
- Develop and enforce security best practices across development and deployment environments.
- Collaborate with development and operations teams to remediate vulnerabilities.
- Manage and monitor infrastructure-as-code (IaC) with security in mind (e.g., Terraform, CloudFormation).
- Support compliance initiatives (e.g., SOC2, ISO 27001, PCI-DSS).
- Stay up to date with the latest security threats, vulnerabilities, and technologies.
Required Skills & Qualifications
- 10+ years of experience in DevOps or DevSecOps roles.
- Strong understanding of DevOps tools and practices (CI/CD, Jenkins, Groovy, GitOps, Containers, Orchestration, Kubernetes, Networks).
- SAST, SCA, OSA, DAST
- Hands-on experience with security tools like SonarQube, Checkmarx, Aqua, Twistlock, Trivy, etc.
- Expertise in scripting (Bash, Python, Golang, Rust etc.) and automation.
- Experience with public cloud platforms (AWS, Azure, GCP) and securing cloud-native environments.
- Familiarity with IaC tools (Terraform, Ansible, etc.) and secure coding principles.
