Job Description:
Job Summary
A Development, Security, and Operations (DevSecOps) Engineer is needed to integrate security practices into the software development lifecycle (SDLC). The role focuses on embedding security into development processes, automating security checks, and ensuring applications and infrastructure are secure. Responsibilities include collaborating with development and operations teams, conducting security assessments, managing CI/CD security practices, and promoting a culture of security awareness across the organization.
Requirements
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience)
- Proven experience in DevOps, cybersecurity, or a related role
- Proficiency in programming languages such as Python, Java, or Ruby, and scripting for automation
- Familiarity with CI/CD tools, container orchestration, and Infrastructure as Code (IaC)
- Strong understanding of security principles, threat modeling, risk management, encryption, and vulnerability assessment
- Knowledge of cloud security practices, including experience with cloud platforms such as AWS or Azure
- Understanding of network architectures, protocols, and secure system design
- Awareness of regulatory and compliance standards such as GDPR, HIPAA, and SOC 2
- Ability to identify and remediate security vulnerabilities and risks
- Strong communication and collaboration skills
- Commitment to staying updated on security trends and emerging threats
- Experience with incident response and handling security breaches
Responsibilities
Primary
- Implement and maintain security tools and practices within CI/CD pipelines
- Conduct security assessments and vulnerability testing
- Collaborate with developers to ensure secure coding practices
- Automate security scans, code verification, and related processes
- Monitor and respond to security incidents
- Ensure cloud infrastructure is securely configured and compliant
- Stay informed on emerging threats and recommend security improvements
- Promote a culture of security awareness across teams
Secondary
- Provide support for regulatory and compliance activities
- Create and manage helpdesk support tickets
- Share best practices to improve cybersecurity posture
- Recommend security enhancements and improvements
- Perform additional assigned duties
Physical Requirements
- Continuous sitting and computer use
- Frequent communication (speaking and listening)
- Occasional standing, walking, and lifting up to 10 pounds
- Visual abilities including close vision, distance vision, and focus adjustment
Safety Requirements
- Report safety hazards, incidents, and damages
- Follow all safety policies and procedures
- Use personal protective equipment (PPE) when required
- Participate in safety training and meetings
- Maintain awareness of personal and team safety