We are seeking a skilled and experienced DevSecOps Engineer to join our team. The ideal candidate will have a strong background in cloud infrastructure management, security, and IT operations. You will be responsible for embedding security practices into our cloud environment, ensuring that security is a core component throughout the software development lifecycle (SDLC). Your role will involve collaborating with development, operations, and security teams to automate security controls, audit compliance, and manage vulnerabilities.
Key Responsibilities
- Security Integration: Embed security best practices within the cloud environment, ensuring that security checks are automated and integrated at every stage of the software development lifecycle.
- Automation: Design and implement automated security detection/prevention measures and reports to identify and mitigate risks in the cloud environment.
- Collaboration: Work closely with development, IT operations, and security teams to create a culture of security awareness and shared responsibility.
- Monitoring and Logging: Implement and maintain security monitoring, logging, and alerting tools to detect and respond to security incidents in real-time.
- Compliance: Ensure compliance with industry standards and regulations (e.g., GDPR, HIPAA, PCI-DSS) by integrating relevant security controls and conducting regular audits.
- Risk Assessment: Perform threat modeling, risk assessments, and vulnerability analysis to proactively identify and address potential security threats.
- Incident Response: Develop and maintain incident response plans, and collaborate with relevant teams to respond to and mitigate security incidents.
- Continuous Improvement: Continuously evaluate and improve security practices within the DevOps environment, staying up-to-date with the latest security trends, tools, and techniques.
- Documentation: Maintain clear and comprehensive documentation of security policies, procedures, and configurations.
Qualifications
- Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent experience).
Experience
- 3+ years of experience in Cloud Infrastructure Management or DevOps, with a focus on managing cloud infrastructure and integrating security into AWS cloud environments.
- Experience with AWS cloud platforms and securing cloud-native applications.
- Strong understanding of AWS security products such as Security Hub, GuardDuty, and others.
Technical Skills
- Proficiency in managing AWS Cloud Infrastructure, especially AWS Control Tower, AWS Organizations, AWS Landing Zone, AWS IAM Identity Center, AWS Transit Gateway, and AWS security products.
- Experience with CI/CD tools (Jenkins, GitLab CI, CircleCI, etc.) and security tools (SonarQube, OWASP ZAP, Snyk, etc.) and their workflows.
- Familiarity with containerization (Docker, Kubernetes) and securing containerized applications.
- Knowledge of infrastructure-as-code (IaC) tools (Terraform, Ansible) and related security considerations.
- Experience with vulnerability management tools (Nessus, Qualys) and techniques.
Soft Skills
- Strong communication and collaboration skills, with the ability to work effectively in a cross-functional team.
- Problem-solving mindset with a proactive approach to identifying and addressing security challenges.
- Ability to stay current with emerging security threats and technologies.
Preferred Qualifications
- Certifications such as AWS Solutions Architect (Associate/Professional) or equivalent.
- Experience in a regulated environment (e.g., healthcare, finance) with knowledge of specific compliance requirements.
- Familiarity with agile development methodologies and practices.