Job Openings #2 - DevSecOps Engineer

About the job #2 - DevSecOps Engineer

Job Description – DevSecOps Engineer

Project Description

The DevSecOps Engineer will join a cross-functional technology team responsible for building, securing, and operating modern cloud-native platforms. The project focuses on implementing secure CI/CD pipelines, embedding security controls throughout the Software Development Life Cycle (SDLC), and automating infrastructure and application delivery in AWS-based environments. Security, scalability, and reliability are core pillars of this initiative.

Role Description

As a DevSecOps Engineer, you will be responsible for designing, implementing, and maintaining secure, automated CI/CD pipelines and cloud infrastructure. You will work closely with development, QA, security, and operations teams to ensure security is integrated by design, not as an afterthought. This role requires strong hands-on experience with automation, cloud services, security tooling, and infrastructure as code.

Key Responsibilities / Task Descriptions

  • Design, implement, and maintain secure CI/CD pipelines for application build, test, and deployment.

  • Integrate security scanning, compliance checks, and vulnerability management into development and deployment workflows (DevSecOps practices).

  • Automate infrastructure provisioning, configuration, and application deployment using Infrastructure as Code (IaC) and configuration management tools.

  • Collaborate with development, QA, security, and operations teams to ensure security best practices are embedded throughout the SDLC.

  • Support, enhance, and secure containerized and orchestrated environments.

  • Implement and enforce cloud security best practices, including IAM least-privilege access, secrets management, and secure networking.

  • Monitor, troubleshoot, and optimize CI/CD pipelines and cloud infrastructure.

  • Contribute to continuous improvement of automation, security controls, and operational processes.

Candidate Must-Have Skills & Requirements

CI/CD, Version Control & Security Integration

  • Strong experience building and maintaining enterprise-grade CI/CD pipelines.

  • Hands-on experience with GitHub, including branching strategies, pull request workflows, and repository management.

  • Experience with GitHub Actions, including secure workflows, secrets management, and runner configuration.

  • Experience with Jenkins (scripted and declarative pipelines, shared libraries).

  • Experience integrating SonarQube for code quality and SAST.

  • Experience with Fortify or similar static code analysis and security scanning tools.

  • Experience setting up and managing artifact repositories such as Nexus, JFrog Artifactory, or Amazon ECR.

Configuration Management & Automation

  • Strong experience with Ansible (roles, playbooks, secure inventory handling).

  • Experience with Puppet (manifests, modules, and environment management).

  • Solid understanding of Infrastructure as Code (IaC) concepts.

  • Hands-on experience with Terraform and/or AWS CloudFormation.

Scripting & Development

  • Proficiency in Bash, Python, and Groovy (for Jenkins and automation tasks).

  • Ability to write clean, reusable automation scripts and tooling.

Cloud (AWS)

  • Hands-on experience with AWS services, including:

    • EC2, S3

    • IAM (roles, policies, least-privilege access)

    • VPC and basic networking concepts

    • CloudWatch, AWS Systems Manager (SSM)

    • ECS and/or EKS

  • Strong understanding of cloud security best practices.

Nice-to-Have Skills

  • Experience with Docker and container security.

  • Experience with OpenShift.

  • Experience with Helm for Kubernetes deployments.

Working Hours

  • Working hours aligned with EST (Eastern Standard Time).

  • Ability to collaborate with distributed teams during EST business hours.


Or refer someone