Integrate Security : Embed security testing, reviews, and best practices into all phases of the development lifecycle
Automate Security Processes : Design, implement, and maintain security automation tools (e.g., SAST, DAST, SCA, secrets scanning) within the CI/CD pipelines to detect vulnerabilities early and efficiently.
Conduct Assessments and Testing : Perform regular vulnerability assessments, threat modeling, and penetration testing on applications and infrastructure to identify and mitigate risks.
Manage Infrastructure as Code (IaC) Security : Ensure secure configuration and management of cloud and on-premise infrastructure using IaC tools like Terraform, or CloudFormation.
Monitor and Respond to Incidents : Set up and manage security monitoring and observability solutions (e.g., SIEM, ELK stack, Grafana) to detect and respond to security incidents in real-time.
Ensure Compliance : Work with compliance teams to implement and enforce security policies and regulatory standards (e.g., GDPR, HIPAA, PCI-DSS, SOC 2).
Collaborate and Educate : Foster a security-aware culture by collaborating with cross-functional teams and providing guidance and training on secure coding practices and emerging threats.
Required
Experience : Proven experience in a DevSecOps, DevOps, or a related cybersecurity role (typically 4+ years, more for senior positions).
Technical Proficiency
CI/CD Tools : Jenkins, GitLab CI, GitHub Actions.
Cloud Platforms : Deep understanding of security on AWS.
Scripting/Programming : Proficiency in languages like Python, Bash, Shell, or Go for automation and custom tool development.
IaC and Containerization : Experience with Docker, Kubernetes, and Terraform.
Security Tools : Familiarity with vulnerability scanning, static/dynamic analysis, and secrets management tools (e.g., SonarQube, Snyk, HashiCorp Vault, OWASP ZAP).
Experience with AI/ML-based security tools for threat detection and risk forecasting.
HARD REQUIREMENTS (All Mandatory)
Core Experience :
Security in Production : Has actually fixed security vulnerabilities in live systems handling real user data at scale
AWS Security : Hands-on with IAM, Security Groups, KMS, Secrets Manager (not just theoretical)
CI/CD Security : Integrated security scanning in pipelines (not just built pipelines)
Compliance : Worked on ISO 27001, SOC 2, or PCI-DSS implementation (not just awareness)
Key Points
MUST have experience in handling 5k+ concurrent requests
MUST have prepared company for ISO/SOC 2 successfully
