- We are seeking a highly skilled Senior DevSecOps Engineer with expertise in Governance, Risk, and Compliance (GRC), Microsoft Azure Security, and Application Security
- The ideal candidate will be responsible for integrating security into DevOps processes, automating security controls, and ensuring compliance with security policies in cloud-native and hybrid environments
- Key Responsibilities:1
- DevSecOps & Security Automation:Integrate security best practices into CI/CD pipelines using tools like Azure DevOps, GitHub Actions, and Jenkins
- Automate security scanning for SAST, DAST, and SCA (e
- g
- , SonarQube, Checkmarx, Veracode)
- Implement Infrastructure as Code (IaC) security for Azure using Terraform, Ansible, and ARM templates
- Develop and maintain automated security testing frameworks for applications and cloud workloads
- 2
- Governance, Risk & Compliance (GRC):Ensure compliance with industry security standards (NIST, ISO 27001, CIS, SOC 2, GDPR, HIPAA)
- Develop and implement security policies, frameworks, and risk assessment strategies
- Conduct security audits and vulnerability assessments to identify compliance gaps
- Provide security guidance for third-party risk management and vendor security reviews
- 3
- Cloud Security (Azure & Hybrid Environments):Secure Azure workloads, including Azure Security Center, Defender for Cloud, and Sentinel SIEM
- Implement Zero Trust security models for cloud-native applications and microservices
- Enforce IAM, RBAC, and Conditional Access Policies in Azure
- Monitor and mitigate cloud security threats, ensuring continuous compliance
- 4
- Application Security:Secure web and API applications using OWASP best practices
- Implement API security measures (OAuth, JWT, WAF, mTLS)
- Perform threat modeling and secure code reviews
- Collaborate with development teams to embed Shift Left security principles
- 5
- Incident Response & Threat Management:Develop and implement Incident Response Plans (IRP) and Security Playbooks
- Investigate security breaches and coordinate forensic analysis
- Utilize SIEM, SOAR, and XDR tools for threat detection and response
- Educate DevOps and Engineering teams on secure coding practices
- Required Skills & Experience: 8+ years of experience in DevSecOps, Cloud Security, and Application Security
- Strong expertise in Azure Security Services (Defender, Sentinel, Key Vault, RBAC)
- Hands-on experience with DevSecOps pipelines (Azure DevOps, GitHub, Jenkins)
- Experience with security automation tools (Terraform, Ansible, Python, PowerShell)
- Deep knowledge of Application Security (SAST, DAST, SCA, OWASP, API Security)
- Strong understanding of GRC frameworks (NIST, ISO 27001, CIS Benchmarks)
- Experience with Container Security (Docker, Kubernetes, Istio)
- Preferred Qualifications (Nice to Have): Certifications: CISSP, CCSP, CEH, AZ-500, CRISC, OSCP
- Experience with SIEM & SOAR platforms (Splunk, Azure Sentinel, QRadar)
- Familiarity with Blockchain Security & Zero Trust architectures
- Knowledge of AI/ML-based security automation
Role: Security Architect / Consultant
Industry Type: IT Services & Consulting
Department: IT & Information Security
Employment Type: Full Time, Permanent
Role Category: IT Security
Education
UG: Any Graduate
PG: Any Postgraduate
