DevSecOps Security Engineer

Responsibilities:
 Implement, configure, and maintain security testing tools within CI/CD pipelines, including
SAST, DAST, SCA, and container security scanning tools while ensuring seamless integration
with existing workflows
 Conduct comprehensive security assessments, vulnerability testing, and code reviews
throughout the development lifecycle, providing detailed remediation guidance and tracking
security improvements
 Design and implement security automation processes, including automated vulnerability
scanning, compliance checking, and security testing integration within DevOps workflows
 Review and assess Infrastructure as Code (IaC) implementations, cloud configurations, and
deployment pipelines while collaborating with cloud infrastructure teams to ensure secure
resource provisioning
 Monitor and analyze security testing results, maintain security metrics dashboards, and
generate regular reports on application security posture and trends
 Work closely with development teams to implement secure coding practices, conduct security
training sessions, and provide guidance on vulnerability remediation
 Develop and maintain security documentation, including secure coding guidelines, security
testing procedures, and implementation standards for security tools
 Collaborate with security architects and development teams to implement security
requirements and controls throughout the application development lifecycle
 Support incident response activities related to application security issues and provide technical
expertise during security incidents
 Evaluate and recommend new security tools and technologies to enhance the DevSecOps
security program

Qualifications:

 10+ years of experience in IT Security with 5+ years of specific experience in DevSecOps

environments
 Bachelor's degree in Computer Science, Software Engineering, or related field with relevant
security certifications (Security+, CSSLP, CEH)
 Strong expertise in application security testing tools (SAST, DAST, SCA) and security
automation frameworks, with hands-on experience implementing these tools in CI/CD pipelines
 Comprehensive knowledge of CI/CD platforms (Jenkins, GitLab, Azure DevOps),
containerization technologies (Docker, Kubernetes), and Infrastructure as Code tools
(Terraform, CloudFormation)
 Advanced understanding of cloud platforms (AWS, Azure, GCP) and their native security
services, including experience with cloud security best practices and compliance requirements
 Proven experience with scripting and programming languages (Python, Bash, PowerShell) and
common application development frameworks
 Strong knowledge of application security concepts, secure coding practices, and common
vulnerability patterns (OWASP Top 10)
 Experience with security compliance frameworks (SOC2, ISO27001) and regulatory
requirements
 Demonstrated ability to work effectively with development teams and provide technical
guidance on security implementation
 Excellent troubleshooting and problem-solving skills with strong attention to detail
 Preferred: Experience with container security, serverless security, and API security testing
tools