DevSecOps Engineer

📋 Description

• • As a DevSecOps Engineer, you will be instrumental in weaving security into the very fabric of our software development and infrastructure lifecycle. Your primary mission will be to ensure robust security compliance, fortify our Identity and Access Management (IAM) practices, and engineer automated security controls that seamlessly integrate into our CI/CD pipelines and cloud environments. This role is pivotal in bridging the gap between development, operations, and security, fostering a culture where security is not an afterthought but an intrinsic part of every stage of delivery.
• • You will be responsible for designing and implementing sophisticated security compliance frameworks, meticulously aligning them with both organizational mandates and stringent industry standards. This involves a deep dive into risk management, ensuring that our systems and applications not only meet but exceed regulatory requirements and best practices.
• • A core aspect of your role will involve the hands-on implementation and ongoing management of Identity and Access Management (IAM) systems. You will define, enforce, and audit access control policies across our diverse infrastructure and applications, ensuring that only authorized personnel have the necessary permissions, thereby minimizing the attack surface.
• • Automation will be your key enabler. You will design, develop, and maintain security automation tools and scripts to streamline security testing, vulnerability scanning, and compliance validation processes. This includes integrating these automated checks directly into our CI/CD pipelines, providing rapid feedback to development teams and ensuring that security is validated early and often.
• • Proactive monitoring of our cloud infrastructure and applications for security threats, vulnerabilities, and misconfigurations will be a daily undertaking. You will leverage advanced security monitoring tools to detect anomalies, investigate potential breaches, and implement immediate remediation strategies.
• • You will collaborate closely with development teams, acting as a security champion to guide them in adopting secure coding practices and application security standards. This involves educating teams on common vulnerabilities, secure design principles, and the importance of security throughout the development process.
• • Conducting thorough security assessments, audits, and detailed vulnerability analyses will be crucial for identifying potential risks and developing effective mitigation plans. This proactive approach helps us stay ahead of emerging threats.
• • Implementing and managing infrastructure security controls across our cloud platforms (e.g., AWS, Azure, GCP) and containerized environments (e.g., Docker, Kubernetes) will be a significant part of your responsibilities. You will ensure that our foundational infrastructure is secure by design.
• • You will play a vital role in supporting incident response activities, including the investigation of potential security incidents. Your expertise will be critical in understanding the root cause, containing the damage, and implementing measures to prevent recurrence.
• • Maintaining comprehensive documentation for all security policies, procedures, and compliance requirements is essential for knowledge sharing, auditing, and continuous improvement.
• • You will also be tasked with evaluating and recommending new security tools, technologies, and methodologies to continuously strengthen our organization’s overall security posture and adapt to the evolving threat landscape.
• • This role offers a unique opportunity to make a tangible impact on the security and resilience of our systems, working in a dynamic, remote environment with a focus on innovation and continuous learning. You will be a key contributor to building a secure-by-design culture and enabling the rapid, yet secure, delivery of high-quality software.