
DevSecOps Engineer

IT

Bangalore, India

Job Description

Overview

Position Summary:

The DevSecOps Engineer is responsible for integrating security across the software development and delivery lifecycle, ensuring that applications, infrastructure, and pipelines are secure by design. This role works closely with engineering, platform, and cloud teams to embed security controls, automate detection and remediation, and support compliance and risk‑reduction efforts.

A successful DevSecOps Engineer demonstrates strong hands‑on technical capability, understands modern cloud‑native architectures, and proactively applies security best practices without slowing delivery.

Job Responsibilities:

Security Engineering & Secure Development

  • Apply security best practices to address common vulnerabilities, including OWASP Top 10 risks.
  • Participate in threat modeling discussions to identify attack vectors and mitigate risks early in the design phase.
  • Review application code for security vulnerabilities and enforce secure coding standards across development teams.

CI/CD & DevSecOps Integration

  • Integrate SAST, DAST, and SCA tools into CI/CD pipelines.
  • Tune security tools, minimize false positives, and support automated remediation where feasible.
  • Design and maintain secure CI/CD pipelines with appropriate security gates and controls.
  • Automate security scans and contribute to reusable security automation frameworks.

Container & Kubernetes Security

  • Enforce secure base image standards and harden container configurations.
  • Implement runtime container security controls (e.g., Falco or equivalent tools).
  • Apply Kubernetes security best practices including RBAC, network policies, and Pod Security standards.

Cloud & Infrastructure Security (AWS)

  • Implement least‑privilege access models using IAM roles and policies.
  • Configure secure networking controls including security groups, NACLs, and zero‑trust principles.
  • Support secure cloud architecture through policy enforcement and continuous monitoring.

Secrets, Identity & Access Management

  • Implement centralized secrets management using tools such as AWS Secrets Manager or HashiCorp Vault.
  • Enforce secrets rotation policies and access controls.
  • Apply Role‑Based Access Control (RBAC) across platforms and services.

Vulnerability Management & Compliance

  • Monitor, prioritize, and track vulnerabilities across applications and infrastructure.
  • Define and support SLAs for vulnerability remediation.
  • Implement audit logging and support compliance and internal audit requirements.

Monitoring, Detection & Incident Response

  • Monitor logs and security telemetry for anomalous or suspicious activity.
  • Implement and support SIEM solutions and security dashboards.
  • Assist in handling security incidents, including basic incident response and root‑cause analysis.

Data & Network Security

  • Apply data security controls including encryption in transit (TLS) and at rest.
  • Support secure data handling and protection designs across systems.
  • Assist in designing and maintaining secure network architectures.
  • Any additional duties needed to help demonstrate our core values, drive our vision, and fulfill our mission.

Competencies:

  • Accountability & Integrity
  • Communication
  • Analytical Thinking
  • Initiative
  • Interpersonal Skills
  • Problem Solving
  • Self-Management
  • Teamwork
  • Technical Proficiency

Qualifications:

  • Business-level English proficiency
  • 2–5 years of experience in DevSecOps, Application Security, Cloud Security, or a related role.
  • Bachelor’s degree in Computer Science, Information Technology, Engineering, or a related technical field.
  • Strong understanding of application and infrastructure security fundamentals.
  • Hands‑on experience with:
      • SAST, DAST, and SCA tools
      • CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins)
      • Containers and Kubernetes security
      • AWS security services and IAM
  • Experience with secrets management and secure configuration practices.
  • Working knowledge of monitoring, logging, and security observability tools.
  • Ability to automate repetitive security tasks using scripts or pipelines.
  • Strong problem‑solving skills and the ability to collaborate with cross‑functional teams.

Preferred:

  • Experience with runtime security tools (e.g., Falco).
  • Exposure to SIEM platforms and incident response processes.
  • Familiarity with compliance standards and audit preparation.
  • Experience working in cloud‑native, microservices‑based environments.

Physical Demands and Working Conditions: (Working Conditions apply globally. The Physical Demands section is included to meet U.S. regulatory expectations and may not apply to individuals located outside the United States.)

Sedentary work. Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects. Repetitive motion. Substantial movements (motions) of the wrists, hands, and/or fingers. The worker is required to have close visual acuity to perform an activity such as preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading.

This is a full-time position. This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Learn more at BNI.com

An equal opportunity employer.
