You will automate and own security tooling: integrate SAST, DAST, container/IaC scans, and secret detection into our CI/CD, continuously improving the stack. You will harden application security by embedding secure-coding best practices, OWASP Top 10 defenses, and threat modeling throughout the SDLC. You will raise cloud security standards, keeping our cloud environments aligned with best practice to mitigate risk.
Key Responsibilities:
Secure CI/CD Pipelines: Integrate security into continuous integration and delivery workflows (CI/CD).
Automation & Tooling: Implement and manage tools for static and dynamic code analysis (SAST, DAST), software composition analysis (SCA), and secrets management.
Cloud Security: Ensure infrastructure-as-code (IaC) and cloud deployments (e.g., AWS, Azure, GCP) are secure and compliant.
Monitoring & Incident Response: Set up security monitoring and logging; support incident response and forensic analysis.
Policy & Compliance: Work with compliance teams to enforce standards such as ISO 27001, SOC 2, NIST, or HIPAA, depending on your environment.
Collaboration: Serve as a bridge between development, operations, and security to ensure alignment and shared responsibility for security.
Technical Skills:
3+ years of experience in DevOps, Security Engineering, or related roles.
Strong experience with CI/CD tools (e.g., Jenkins, GitLab CI, GitHub Actions).
Proficiency in scripting (e.g., Python, Bash).
Hands-on experience with container security (Docker, Kubernetes); Trivy experience is an advantage.
Familiarity with SAST, DAST, SCA tools (e.g., SonarQube, Checkmarx, Veracode, Aqua, Snyk).
Knowledge of cloud platforms (AWS, GCP) and cloud security.
Strong problem-solving and analytical skills.
Ability to work collaboratively across multiple teams.
Excellent communication and documentation abilities.
Advantage:
Security certifications such as CISSP, CEH, OSCP, or AWS Security Specialty.
Experience with zero-trust architecture or security in microservices.
Background in secure software development lifecycle (SSDLC) practices.