Sr. DevSecOps Engineer (Remote)

Responsibilities

• Design, implement, and maintain a secure and scalable DevSecOps environment, integrating security practices into the CI/CD pipeline.
• Collaborate with development and operations teams to automate security controls and processes, including vulnerability scanning, code analysis, and configuration management.
• Implement and maintain security tools and technologies, such as static application security testing (SAST), dynamic application security testing (DAST), and container security.
• Develop and enforce security policies, standards, and best practices for development, deployment, and operations.
• Conduct security assessments and risk analysis of applications, infrastructure, and cloud environments.
• mplement security monitoring and incident response capabilities, including log analysis, intrusion detection, and vulnerability management.
• Collaborate with cross-functional teams to remediate security vulnerabilities and implement security improvements.
• Conduct security training and awareness programs for development and operations teams.
• Stay updated with the latest security trends, vulnerabilities, and best practices to ensure the continuous improvement of security processes and tools.
• Provide guidance and support to junior members of the DevSecOps team.
• Participate in incident response activities and security audits as required.

Requirements

• Extensive experience in DevSecOps, software development, or systems administration, with a focus on security.
• Strong knowledge of DevSecOps practices and tools, including CI/CD pipelines, configuration management, and infrastructure automation.
• In-depth understanding of security principles, protocols, and technologies, including secure coding practices, encryption, identity and access management, and network security.
• Proficiency in implementing and managing security tools and technologies, such as SAST, DAST, container security, vulnerability management, and security information and event management (SIEM) systems.
• Familiarity with cloud platforms (e.g., AWS, Azure, GCP) and their security controls.
• Experience with containerization and orchestration technologies, such as Docker and Kubernetes, and their associated security considerations.