DevSecOps Engineer (Cybersecurity + DevOps)

Location: onsite(Hyderabad)

Experience: 13 Years

Employment Type: Full-Time

Why This Role Exists

We build and operate production systems across web, desktop, and mobile platforms. As we scale, security cannot remain a final stepit must be embedded into how we build, ship, and run software.

This role exists to own security across the delivery pipeline, not just run scans.

What You Will Actually Do (Day-to-Day Impact)

• Embed security gates directly into CI/CD pipelines (not just reports, but fail builds on critical issues)
• Actively break our own systems (internal pentesting mindset) to identify real-world vulnerabilities
• Implement SAST, DAST, and dependency scanning and ensure findings are actually resolved
• Harden cloud infrastructure (IAM, network policies, secrets management) instead of relying on defaults
• Secure containerized workloads (Docker/Kubernetes) including image scanning and runtime controls
• Work with developers to fix vulnerabilities at code level, not just report them
• Define and enforce security baselines for all environments (dev prod)
• Reduce attack surface across APIs, services, and deployments
• Automate security checks so that manual intervention is minimized

What We Expect You to Think Like

You dont just run toolsyou understand what the vulnerability actually means

You question assumptions like:

What happens if this API is abused?

What if credentials leak?

You balance security vs delivery speed, not block releases unnecessarily

Core Skills (Non-Negotiable)

Hands-on experience integrating security into CI/CD pipelines (Jenkins / GitHub Actions / GitLab CI)

Practical knowledge of OWASP Top 10 vulnerabilities and how to exploit + fix them

Experience with at least one cloud (AWS / Azure / GCP) with focus on IAM & network security

Strong working knowledge of Linux systems and shell scripting

Experience with Docker and basic understanding of Kubernetes security concepts

Familiarity with tools like OWASP ZAP, Burp Suite, Snyk, Trivy, or similar

• Understanding of API security (auth, rate limiting, token handling)

What Will Make You Stand Out

• You have actually exploited a vulnerability (not just read about it)
• Youve built or secured real CI/CD pipelines end-to-end
• You understand how attackers think, not just compliance checklists
• Exposure to Zero Trust, secrets rotation, or runtime security tools
• Contributions to security tools, writeups, or bug bounty participation

Tech Environment Youll Work With

• Frontend: React,swift
• Backend: Node.js
• Mobile/Desktop: Swift, Kotlin
• Infrastructure: Cloud + CI/CD + Containerized workloads (AWS)

Success in This Role Looks Like

• Critical vulnerabilities are caught before production, not after
• Developers start writing secure code by default
• Security checks are automated and invisible, not bottlenecks
• Infrastructure is secure by design, not patched later