Devsecops Engineer

Title: Cybersecurity Engineer (DevSecOps)

Location: Ahmedabad, GJ (100% Onsite)

Shifts: Rotational shifts, including night shifts

Job Description
We are seeking a highly skilled and motivated Cybersecurity Engineer with expertise in DevSecOps to join our dynamic cybersecurity team. In this role, you will be responsible for integrating security practices intoevery phase of the software development lifecycle (SDLC), ensuring that our systems, applications, and infrastructure are secure by design. You will collaborate with cross-functional teams to build automated, scalable, and secure solutions that align with best practices and compliance requirements. This technical role requires the ability to interact with internal and external peers in IT, Security, Risk, Compliance, and Operations teams, vendors, and third-party support organizations, as well as participation in advisory boards and incident management cases. The candidate will provide technical knowledge in designated areas during troubleshooting, root cause analysis, and problem management lifecycle.

Roles and Responsibilities:

• Integrate security into our CI/CD pipelines using automation tools.
• Conduct threat modeling and security assessments on applications and infrastructure.
• Perform vulnerability scanning and penetration testing to identify and remediate security weaknesses.
• Develop and implement security-as-code to automate security controls and compliance checks.
• Manage and monitor security tools such as WAFs, IDS/IPS, and SIEM systems.
• Collaborate with development and DevOps teams to educate and enforce security best practices.
• Design and implement security measures for cloud-based infrastructure (e.g., AWS, Azure, GCP), including IAM configuration, network segmentation, and encryption.
• Monitor and secure containerized environments (e.g., Docker, Kubernetes) to mitigate risks.
• Respond to and investigate security incidents, including root cause analysis.
• Ensure adherence to regulatory requirements and industry standards such as GDPR, HIPAA, PCI-DSS, and ISO 27001.
• Investigate and respond to security incidents related to DevSecOps pipelines and infrastructure.

Required Skills:

• 3-5+ years of experience in cybersecurity, with a focus on DevSecOps.
• Hands-on experience with CI/CD tools (e.g., Jenkins, GitLab CI, Azure DevOps, GitHub Actions).
• Proficiency in scripting languages (e.g., Python, Bash) for automation purposes.
• Strong knowledge of application security principles and frameworks (e.g., OWASP Top 10, NIST CSF).
• Expertise in cloud platforms (AWS, Azure, GCP) and securing cloud-native environments.
• Familiarity with container security tools (e.g., Aqua Security, Twistlock, Trivy).
• Experience with infrastructure-as-code (IaC) tools (e.g., Terraform, Ansible) and their security implications.
• Solid understanding of security operations and risk management.
• Knowledge of common vulnerability scanning tools and techniques.