DevSecOps Engineer

Skills

• Bachelor’s degree in Computer Science or Information Technology field • 4+ years of experience in DevSecOps principles and practices. • Proven track record of designing are as Code (IaC) tools (Terraform Kubernetes) and multi-cloud environments (AWS Azure GCP). • Deep understanding knowledge of containerization technologies (Docker Helm). • Experience with next-generation artifact management solutions (Artifactory JFrog). • Experience integrating security best practices and tools (SAST/DAST IaC scanning) into the SDLC. • Familiarity with API Security Container Security and AWS Cloud Security. • Knowledge of Prisma Cloud SIEM SOC Nessus CrowdStrike or similar services. • Excellent communication collaboration and problem-solving skills. • Ability to thrive in a fast-paced dynamic environment. • Strong scripting skills (Python Go Bash). • Delivers Results • Teamwork & Collaboration • Effective communication • Excellent verbal/written communication skills • Ability to analyze and solve problems • Strong attention to detail

Description

As a DevSecOps Engineer, you will play a pivotal role in shaping our software development lifecycle by integrating security practices seamlessly into our processes. Your technical expertise and leadership will drive the implementation of robust CICD (Continuous Integration and Continuous Deployment) patterns while adhering to industry standards and policies. You’ll collaborate with cross-functional teams, ensuring that our applications are secure, reliable, and efficiently deployed.

Responsibilities

• • Design and implement secure, scalable solutions to address infrastructure and security requirements.
• • Champion DevSecOps practices, integrating security seamlessly into the SDLC with tools like SAST/DAST solutions and Infrastructure as Code (IaC) scanning (e.g., Prisma Cloud, SonarQube).
• • Identify and implement opportunities for pipeline automation and optimization, driving efficiency and speed.
• • Embrace Infrastructure as Code (IaC) using tools like Terraform and Kubernetes to automate and manage multi-cloud deployments (e.g.: AWS, Azure).
• • Lead the containerization charge, leveraging Docker and Helm 3 for efficient application packaging and deployment.
• • Strong understanding of security concepts, including threat modeling, risk assessment, and vulnerability management
• • Proficiency in automation tools, configuration management, and continuous integration and deployment (CI/CD) pipelines. Familiarity with tools like GitHub Actions, ArgoCD, Terraform.
• • Expertise in cloud security principles, including secure architecture design and configuration management. Familiarity with popular cloud platforms like AWS, Microsoft Azure
• • Implement state-of-the-art artifact management solutions for secure storage and distribution (e.g., Artifactory, Nexus.)
• • Implement and maintain robund implementing secure, automated CI/CD pipelines with modern tools (GitOps, GitHub Actions etc.)
• • Deep understanding of Infrastructust monitoring solutions (e.g., Prometheus, Grafana) to gain deep insights into application and infrastructure health.
• • Integrate and leverage a SIEM tool (Splunk or similar) to collect, analyze, and correlate security-related data from various sources for advanced threat detection and incident response.
• • Possess a strong understanding of web server configuration and management (e.g., Apache, Nginx) for optimal performance and security.
• • Possess a strong foundation in Unix/Linux administration, including scripting (Bash), user and permission management, and system troubleshooting.
• • Foster a collaborative environment, working closely with development, security, and operations teams to ensure seamless software delivery.
• • Stay ahead of the curve by researching and integrating the latest DevSecOps trends and methodologies.
• • Share your expertise through internal training and knowledge sharing sessions.
• • Develop and maintain clear documentation for DevSecOps processes and tools, ensuring consistency and knowledge transfer.
• • Troubleshoot and resolve complex issues within the CI/CD pipeline and cloud deployments.
• • Keep incident tracking tools updated and document discoveries and concerns.
• • Proactive approach to identify and mitigate security risks
• • Champion agile methodologies within the DevSecOps workflow, ensuring continuous integration, delivery, and feedback loops.
• • Align with Systems/Software Development Life Cycle (SDLC) processes and industry-standard service management principles (such as ITIL).
• • Understanding cloud security principles, including secure architecture design and configuration management
• • Familiarity with API Security, Container Security
• • Experience with cloud technologies for cloud DevSecOps