DevSecOps Manager

We are seeking a highly experienced DevSecOps Manager to lead the architecture and execution of our entire DevSecOps framework. Your core mission is to champion the "Secure by Design" philosophy and leverage a deep engineering mindset to drive the program. This perspective will be essential for facilitating faster issue identification and building proactive solutions to mitigate potential issues and delivery blockers. You will balance aggressive high-velocity delivery goals with uncompromising security and compliance to build a secure, resilient and highly scalable system.

You will have deep technical ownership of our Multi-Cloud environment (AWS GCP), container orchestration (Kubernetes), and CI/CD workflows, while proactively managing our Cloud Security Posture.

• Facilitate SRE/Engineering teams to create, deploy, and manage secure, scalable infrastructure across AWS and GCP (knowledge of Azure is a plus).
• Implement Infrastructure as Code (IaC) using Terraform to ensure reproducible, auditable, and compliant environments.
• Manage and harden Linux-based application servers, ensuring OS-level security and performance tuning.

• IAM Governance: Design and enforce strict Identity and Access Management (IAM) policies based on the Principle of Least Privilege (PoLP).
• CSPM Management: Implement and manage Cloud Security Posture Management tools (eg, AWS Security Hub, GCP Security Command Center, or Wiz) to detect misconfigurations in real-time.
• Audit Compliance: Ensure infrastructure meets industry benchmarks (CIS Benchmarks, SOC2 etc) and manage automated compliance checks.
• Encryption: Manage secret lifecycles using HashiCorp Vault or AWS KMS/GCP KMS, ensuring data is encrypted at rest and in transit.

• Design and maintain production-grade Kubernetes clusters (EKS/GKE).
• Implement Container Security best practices, including image scanning (Trivy/Clair/Wiz) and runtime security (Falco).

• Build and optimize end-to-end CI/CD pipelines using Jenkins, Harness, or Woodpecker.
• Write advanced automation scripts using Python and Shell (Bash) to auto-remediate security incidents (eg, automatically isolating a compromised instance).
• Utilize Configuration Management tools like Ansible to enforce security configurations across all servers.

• Design Secure CDN architectures, implementing comprehensive WAF rules and DDoS protection.
• Ensure "Origin Security" to prevent attackers from bypassing the CDN to hit the servers directly.

• Maintain a robust monitoring stack using Prometheus, Grafana, and ELK/Sumologic/Coralogic.
• Implement security logging and alerting (SIEM integration) to detect anomalies in traffic or access patterns.

• Drive effective project management for DevSecOps initiatives, defining clear scope, managing dependencies, and ensuring timely, high-quality delivery.
• Drive end-to-end automation for controls, compliance enforcement, and incident response, striving for self-healing infrastructure and zero-touch operations.
• Mentor and lead technical team members, fostering a collaborative, knowledge-sharing environment that promotes best practices in security and automation.

• OS: Expert-level Linux administration and hardening [mandatory].
• Scripting: Python Shell for automation and security tooling integration [mandatory].
• SCM: GitHub (Security features: Dependabot, CodeQL).

• Cloud Providers: AWS (GuardDuty, Inspector, KMS, WAF) GCP (IAM, VPC Service Controls) [mandatory].
• Cloud Security: Experience with CSPM tools (Wiz) and Compliance frameworks (CIS).
• Container Security: Kubernetes Network Policies, Pod Security Standards, Image Signing.

• Orchestration: Kubernetes, Docker.
• IaC: Terraform.
• CI/CD: Jenkins, Harness, Woodpecker.
• Config Mgmt: Ansible, Chef.