Senior DevSecOps Engineer

Summary

Join Recruitics, a leader in Recruitment Marketing, as a Senior DevSecOps Engineer. You will play a crucial role in bridging development, security, and operations to ensure software security throughout the secure development lifecycle. Key responsibilities include integrating security practices into DevOps, conducting vulnerability assessments, overseeing cloud infrastructure security (AWS), and ensuring compliance with industry standards. You will also be involved in incident response, monitoring, auditing, and providing security training. This role requires 5-7 years of experience in DevOps or Security, with a focus on DevSecOps, and expertise in various technologies and tools. Recruitics offers competitive compensation and benefits, including a casual work environment and opportunities for career growth.

Requirements

• Minimum 5-7 years of experience in DevOps, Security, or related roles, with at least 2-3 years focused on DevSecOps
• Proven experience working with CI/CD pipelines, containerization technologies (Docker, Kubernetes), and cloud platforms (AWS)
• Hands-on experience with security tools such as SonarQube, Crowdstrike, mimecast, and tenable
• Strong knowledge of infrastructure-as-code (IaC) tools such as Terraform, CloudFormation, or Ansible
• Expertise in automation scripting (Python, Bash, or similar languages)
• Experience with version control systems (Git, GitLab, Bitbucket)
• Familiarity with security protocols and standards (OAuth, SSL/TLS, PKI)
• Strong knowledge of network security, firewalls, identity and access management (IAM), and encryption technologies
• Experience with vulnerability scanning tools and static/dynamic analysis
• Strong problem-solving and analytical skills
• Excellent communication and collaboration skills, with the ability to work with cross-functional teams
• A proactive and continuous improvement mindset

Responsibilities

• Secure Architecture: Under the guidance of the VP of Information Security, maintain a secure cloud architecture and evangelize security best practices within the enterprise that comply with our SOC II policies and procedures
• DevSecOps Integration: Collaborate closely with Development, Operations, and Security teams to integrate security practices into the development lifecycle and DevOps processes
• Vulnerability Management: Conduct vulnerability assessments, security testing, and advise teams on remediation
• Cloud Security: Oversee and enhance the security posture of cloud-based infrastructure (AWS), ensuring secure deployments and configurations
• Compliance & Best Practices: Ensure that security controls are aligned with industry standards and best practices (e.g., OWASP, NIST, GDPR) and work toward achieving and maintaining compliance
• Incident Response: Be the technical point of contact on security incidents, providing expertise in root cause analysis and remediation
• Monitoring & Auditing: Implement monitoring tools to detect and respond to security incidents and audit the security of systems and applications
• Security Training & Awareness: Provide guidance and training to other teams on security best practices, secure coding techniques, and threat mitigation strategies
• Tooling & Infrastructure: Select, deploy, and manage security tools and frameworks for automated security testing, vulnerability scanning, and threat detection

Preferred Qualifications

• Security certifications such as CISSP, CISM, or other relevant certifications
• Experience with threat modeling and risk assessments
• Familiarity with security frameworks and methodologies (e.g., NIST, OWASP Top 10, SOC 2)
• Knowledge of security in microservices architecture

Benefits

• Competitive compensation and benefits
• Casual work environment
• Opportunities for career growth