The Senior DevSecOps Engineer will play a pivotal role in designing, implementing, and maintaining secure, scalable, and automated DevSecOps pipelines across cloud and on-prem environments. This role ensures that security is fully embedded across the entire SDLC, from infrastructure provisioning (IaC) to deployment, monitoring, and incident response. The position demands hands-on experience with automation, cloud security, CI/CD, and secure coding practices—while collaborating closely with development, operations, and security teams to drive a culture of “security as code.”
Responsibilities
- Design, build, and maintain secure CI/CD pipelines for continuous integration and delivery.
- Integrate automated security checks (SAST, DAST, SCA, secret scanning) into build and deployment workflows using open-source and commercial tools.
- Champion “shift-left” security by embedding controls early in the development lifecycle.
- Develop and maintain Infrastructure as Code (IaC) using tools such as Terraform, Ansible, and other automation frameworks.
- Implement configuration management and drift detection across multi-environment deployments.
- Ensure secure configuration and monitoring of cloud environments (Azure, the company Cloud, and others).
- Enforce cloud security best practices using CIS Benchmarks and other frameworks.
- Review and secure IaC templates (Terraform, CloudFormation, Ansible) to prevent misconfigurations and enforce Policy-as-Code using tools like Open Policy Agent (OPA).
- Participate in threat modeling, vulnerability assessments, and penetration testing efforts.
- Harden container images and Kubernetes clusters; implement runtime security, image scanning, and RBAC using tools like Aqua, Clair, Trivy, or Falco.
- Collaborate with security teams to identify, triage, and remediate vulnerabilities across infrastructure, applications, and dependencies; integrate scanners into DevOps workflows.
- Develop scripts and automation for security operations and compliance checks using Python, Bash, or Go.
- Implement secure secrets management using Vault, Azure Key Vault, or equivalent tools, enforcing least-privilege access.
- Maintain comprehensive documentation of security controls, configurations, runbooks, and architecture.
- Collaborate with developers, SREs, and security engineers to promote secure coding and deployment practices; conduct training and contribute to security awareness initiatives.
Qualifications
Required Skills / Qualifications
- Proven experience in DevSecOps, cybersecurity, and infrastructure automation.
- Deep familiarity with SDLC processes, Infrastructure as Code (Terraform, Ansible, etc.), and configuration management.
- Strong knowledge of cloud security best practices and cloud-native security tooling.
- Experience applying Policy-as-Code using OPA or similar tools.
- Ability to conduct and automate comprehensive security assessments (network, infrastructure, application/API, Kubernetes, containers, cloud compliance).
- Proficiency in scripting and automation (Python, Bash, PowerShell, etc.).
- Excellent communication skills with the ability to present findings clearly to both technical and non-technical stakeholders.
Preferred Skills / Qualifications
- Hands-on experience with Kubernetes security (runtime security, RBAC, image scanning).
- Familiarity with major cloud platforms including Azure, AWS, and the company Cloud.
- Knowledge of modern DevOps practices and secure CI/CD architecture.
- Certifications such as CDP, CKA, CKS, OSCP, CRTP, or equivalent are advantageous.