Devsecops Engineer

Key Responsibilities:

• Collaborate seamlessly with developers, security engineers, and operations teams to seamlessly integrate security measures throughout the development lifecycle.
• Design, deploy, and manage the CI/CD pipeline using Jenkins, GitLab, and GitHub.
• Implement automated security testing protocols using tools such as SonarQube, Snyk, Blackduck, and other relevant resources.
• Develop and uphold security policies, procedures, and standards aligned with the software development lifecycle.
• Formulate and sustain secure coding standards and guidelines.
• Identify and rectify security vulnerabilities in the software development lifecycle.
• Conduct comprehensive security reviews and penetration testing to guarantee software security.
• Play an active role in incident response and manage security incidents effectively.
• Collaborate closely with development teams to enforce security controls.
• Offer expert security guidance to various teams within the organization.
• Requirements:
• Bachelor's degree in Computer Science, Information Technology, or a related field.
• A minimum of 5 years of hands-on experience in DevSecOps, security engineering, or a related field.
• Proficiency in CI/CD tools such as Jenkins, GitLab, and GitHub.
• Expertise in automated security testing using SonarQube or equivalent tools.
• In-depth understanding of security best practices, standards, and methodologies.
• Proven experience in designing and implementing security solutions in a continuous delivery environment.
• Familiarity with containerization technologies like Docker and Kubernetes.
• Strong analytical and problem-solving skills.
• Effective communication and collaboration skills.
• Proficiency in scripting languages such as Python, Bash, or PowerShell.
• Thorough comprehension of SAST, DAST/IAST, VAPT, Performance Engineering, and Application performance monitoring.

Preferred Qualifications:

• Master's degree in Computer Science, Information Technology, or a related field.
• Certifications in DevOps, Security, or related domains.
• Experience with cloud platforms such as AWS, Azure, or GCP.
• Proficiency with infrastructure-as-code tools like Terraform or Ansible.
• Knowledge of network security and firewalls.
• Familiarity with intrusion detection and prevention systems.