Senior DevSecOps Engineer

About the job

Key Responsibilities

Secure Pipeline Engineering & Automation

  • Design, implement, and maintain secure CI/CD pipelines with embedded security controls using Jenkins, GitHub Actions, GitLab CI, and modern DevOps toolchains
  • Identify and remediate code vulnerabilities through automated scanning integration, enhancing overall pipeline security posture
  • Integrate comprehensive security testing, such as SAST, DAST and SCA, throughout the Software Development Lifecycle (SDLC)
  • Implement Infrastructure as Code (IaC) security practices using Terraform, Ansible, and cloud-native security controls
  • Perform thorough vulnerability assessments and penetration testing across web applications, mobile platforms, APIs, and cloud infrastructure environments
  • Conduct threat modeling exercises and security architecture reviews for cloud-native applications and distributed systems
  • Execute both automated and manual security assessments following industry-standard methodologies and frameworks
  • Design and implement testing strategies that cover the full application stack and infrastructure components
  • Implement container security best practices with Docker and Kubernetes security hardening across multi-cloud environments (AWS, GCP, Azure, Huawei Cloud)
  • Champion cloud-native security practices including microservices security, service mesh protection, and serverless security controls
  • Build and maintain comprehensive security observability, monitoring, and incident response capabilities
  • Drive organizational DevSecOps maturity transformation initiatives and cultural change programs
  • Ensure compliance with established security frameworks and standards (OWASP, NIST, ISO 27001, SOC 2, PCI-DSS, GDPR)
  • Lead security training programs and embed security awareness practices across development teams and stakeholders
  • Conduct comprehensive security reviews, compliance audits, and post-incident analysis with actionable recommendations

Required Skills and Qualifications

Core DevSecOps Expertise

  • 3+ years of hands-on DevSecOps, application security, or cybersecurity experience
  • Deep understanding of secure software development lifecycle (SDLC) and DevSecOps principles
  • Proven track record of embedding security into CI/CD pipelines and development workflows

Technical Security Skills

  • Security Testing Mastery: Advanced proficiency with Burp Suite, OWASP ZAP, Metasploit, Nessus, and custom security tooling
  • Code Security: Expert-level secure code review (manual and automated), static/dynamic analysis
  • Cloud Security: Comprehensive knowledge of AWS, GCP, Azure security services and cloud-native security patterns
  • Container Security: Docker and Kubernetes security hardening, image scanning, runtime protection
  • API Security: REST/GraphQL security testing, authentication/authorization, API gateway security

DevOps & Automation Proficiency

  • CI/CD Security: Jenkins, GitHub Actions, GitLab CI with embedded security scanning and gates
  • Infrastructure as Code: Terraform, Ansible, CloudFormation with security best practices
  • Programming & Scripting: Advanced Python, Bash, PowerShell, Go for security automation
  • Monitoring & Observability: Security monitoring, SIEM integration, incident response automation

Security Frameworks & Standards

  • Deep knowledge of OWASP Top 10, SANS Top 25, MITRE ATT&CK framework
  • Experience with compliance frameworks (PCI-DSS, HIPAA, SOX, GDPR, CCPA, ISO 27001)
  • Understanding of threat modeling methodologies and risk assessment practices
  • Familiarity with security governance and regulatory requirements