DevSecOps Engineer

We are looking for a dedicated Sr/Lead DevSecOps Engineer to strengthen the security and resilience of our infrastructure and development pipeline. This role is integral to building and securing our cloud environments, developing automated solutions for infrastructure and security, and establishing DevSecOps best practices across our teams. Working closely with the technical lead and product owner, you’ll focus on ensuring that security is embedded into every phase of the development lifecycle, from code creation through deployment and monitoring. Responsibilities:

• Design, implement, and manage secure, scalable cloud infrastructure with a focus on automation.
• Develop and enforce security controls within CI/CD pipelines, ensuring code integrity, and enhancing security practices throughout the SDLC.
• Conduct regular vulnerability assessments, secure configuration reviews, and incident response activities.
• Develop and maintain infrastructure-as-code solutions using tools like Terraform and CloudFormation.
• Build and maintain robust monitoring and alerting systems for security events, leveraging tools such as AWS CloudTrail, GuardDuty, or equivalent.
• Partner with developers to ensure that DevSecOps best practices are applied, including secure coding standards, compliance controls, and identity and access management (IAM).
• Implement and manage secrets management, secure key management, and user access policies to protect sensitive information.
• Write and maintain scripts to automate security-related tasks, audit logs, and infrastructure management.
• Conduct root cause analysis for production incidents, documenting findings, and implementing preventive measures.
• Lead team training sessions to elevate security knowledge and build awareness around secure coding and DevSecOps best practices.

• Proven experience in implementing security solutions within cloud environments, especially AWS and/or Azure.
• Expertise in vulnerability scanning, threat modeling, and secure configuration management.
• Experience with infrastructure provisioning and automation tools (e.g., Docker, Ansible, Puppet, Chef, Terraform).
• Proficiency in scripting/programming languages such as Python, Bash, or PowerShell.
• Hands-on experience with CI/CD tools (Jenkins, GitLab CI, CircleCI) with a focus on integrating security checks.
• Strong understanding of IAM, secrets management (e.g., AWS Secrets Manager), and encryption standards.
• Experience managing web and application servers, as well as databases, in cloud-based or containerized environments.
• Strong problem-solving skills, with a proactive and analytical approach to resolving security incidents.
• Security certifications (e.g., AWS Certified Security, CISSP, OSCP) are a plus.

• Bachelor’s Degree in Computer Science, Information Security, or a related field.
• 5+ years of experience in DevSecOps, with a strong background in cloud security and automation.

Seniority level

Employment type

Job function

Industries