Description
Key Skills: DevSecOps, CI/CD, Azure DevOps, Python, Docker, Kubernetes, Jenkins, PowerShell, Git, SAST
Good to Have Skills: GitLab CI, Bash scripting, SCA tools, secrets scanning, container scanning, IaC scanning, vulnerability management, artifact management, code signing, automated testing frameworks, VM-based test environments, AI tools for software development, secure coding practices, package repository governance, license awareness.
Roles & Responsibilities:
- Design, implement, and improve secure CI/CD pipelines, reusable templates, and automated guardrails for application teams.
- Develop scripts and automation to streamline security checks, environment validation, reporting, remediation workflows, and operational tasks.
- Integrate security tools such as SAST, SCA, secrets scanning, container scanning, IaC scanning, and vulnerability management into development workflows.
- Support package and dependency management practices, including secure artifact handling, dependency updates, vulnerability remediation, and license awareness.
- Partner with development teams to review application designs, identify security risks early, and provide practical remediation guidance.
- Drive vulnerability triage and remediation by prioritizing findings based on risk, exploitability, business impact, and compliance needs.
- Strengthen cloud, container, Kubernetes, infrastructure-as-code, identity, secrets management, and deployment security practices across the organization.
- Build dashboards, metrics, and reporting to track security posture, control adoption, remediation progress, and pipeline health.
- Contribute to security standards, secure coding practices, automation patterns, package management guidelines, and engineering documentation.
- Support security reviews, audits, incident learnings, and root-cause analysis by turning findings into repeatable preventive controls.
- Coach developers and platform teams on DevSecOps best practices, helping security become part of everyday engineering workflows.
- Stay current with emerging security threats, tooling, and industry practices, and recommend improvements for safer software delivery.
Experience Required: 5+ years of proven experience as a DevOps or DevSecOps Engineer with a strong focus on CI/CD pipelines and infrastructure.
Education: Bachelor's or Master's degree in Computer Science, Computer Engineering, or a related field, with expertise in software development.