Job Summary:

We are seeking a highly skilled and motivated DevSecOps Engineer to join our dynamic team. As a DevSecOps Engineer, you will be responsible for ensuring the secure and efficient operation of our software development and deployment processes. You will collaborate with cross-functional teams to integrate security practices into the development lifecycle and foster a culture of security awareness. The ideal candidate will possess a strong background in software development, SDLC security principles, and threat modeling for application-based features.

Responsibilities:

• Design, develop, and implement secure software development and deployment pipelines, incorporating security best practices, automation, and continuous integration/continuous deployment (CI/CD) methodologies.
• Collaborate with development, operations, security champions program, and security teams to identify and prioritize security vulnerabilities/issues, and requirements and integrate security controls into the development lifecycle.
• Perform vulnerability assessments, and security code reviews to identify and address security vulnerabilities and risks.
• Implement and manage security tools and technologies such as SCA, SAST, IaC, etc/
• Develop and enforce security policies, standards, and guidelines to ensure compliance with regulatory requirements and industry best practices.
• Stay up to date with the latest security trends, vulnerabilities, and threat intelligence to proactively identify emerging risks and recommend security enhancements.
• Collaborate with cross-functional teams to conduct security awareness training and promote a culture of security within the organization.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience) - advantage
• Proven experience in software development, DevSecOps or a related role.
• Strong knowledge of software development methodologies, tools, and frameworks.
• In-depth understanding of security principles, best practices, and industry standards (e.g., OWASP, NIST, ISO 27001).
• Experience with DevOps and CI/CD practices, including tools such GitLab/GitHub, ArgoCD.
• Familiarity with cloud platforms (e.g., AWS, Azure, GCP and associated security controls.
• Proficiency in scripting and programming languages (e.g., Python,NodeJS, C).
• Strong problem-solving and analytical skills, with the ability to identify and mitigate security risks.
• Excellent communication and collaboration skills, with the ability to work effectively in cross-functional teams.
• Relevant certifications (e.g., Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP)) are a plus.