Senior DevSecOps Engineer

🔧 Key Responsibilities

• Design and implement secure CI/CD pipelines
• Integrate security tools (SAST, DAST, SCA) into development workflows
• Automate security testing and compliance checks
• Collaborate with development, QA, and IT teams to embed security early (shift-left approach)
• Monitor systems for vulnerabilities and respond to security incidents
• Manage cloud security (AWS, Azure, GCP)
• Implement Infrastructure as Code (IaC) securely (Terraform, CloudFormation)
• Conduct threat modeling and risk assessments
• Ensure compliance with standards like ISO 27001, SOC 2, GDPR
• Mentor junior engineers and drive security best practices

🧠 Required Skills & Qualifications

✅ Technical Skills

• Strong experience with DevOps tools (Jenkins, GitHub Actions, GitLab CI/CD)
• Knowledge of containerization (Docker, Kubernetes)
• Experience with cloud platforms (AWS, Azure, GCP)
• Familiarity with security tools:
  • SAST: SonarQube, Checkmarx
  • DAST: OWASP ZAP, Burp Suite
  • SCA: Snyk, Dependabot
• Proficiency in scripting/programming (Python, Bash, Go)
• Understanding of network security, IAM, encryption

🔐 Security Knowledge

• Application security principles (OWASP Top 10)
• Vulnerability management
• Identity & Access Management (IAM)
• Secrets management (Vault, AWS Secrets Manager)
• Compliance and regulatory frameworks