Security Engineer / DevSecOps Engineer

Job Description Security Engineer / DevSecOps Engineer

Core Security Expertise

• Secure SDLC: Implement and embed security practices across all phases of the software development lifecyclefrom design through deployment.
• Threat Modeling: Use frameworks such as STRIDE, DREAD, or PASTA to proactively identify and mitigate architectural and implementation risks.
• Vulnerability Management: Conduct vulnerability assessments using tools like Nessus, Qualys, or OpenVAS and deliver actionable remediation plans.
• Application Security: Strong understanding of OWASP Top 10 risks and handson experience with SAST, DAST, IAST, and RASP tools.
• Identity & Access Management: Implement IAM principles such as least privilege, RBAC/ABAC, SSO, and MFA.

Development & Automation

• Programming/Scripting: Proficiency in Python, Bash, Go, or JavaScript.
• CI/CD Security: Secure and harden pipeline tools including Jenkins, GitHub Actions, GitLab CI, and Azure DevOps. Integrate automated security testing into CI/CD workflows.
• InfrastructureasCode Security: Experience with Terraform, CloudFormation, and Ansible. Familiarity with security scanners such as Checkov, tfsec, Terrascan, and PolicyasCode (OPA/Conftest).
• Container & Orchestration Security: Practical experience securing Docker, Kubernetes, and Helm ecosystems. Exposure to Trivy, Anchore, Falco, and Kyverno.

Cloud & Platform Security

• Cloud Security: Strong understanding of AWS, Azure, or GCP security components (IAM, VPC, KMS, WAF, Secrets Manager). Experience with CSPM or CWPP tools.
• Secrets Management: Handson experience with Vault, AWS Secrets Manager, SOPS, or equivalent secretmanagement solutions.

Monitoring, Detection & Incident Response

• Security Monitoring & SIEM: Experience using Splunk, ELK, Sentinel, Panther, or Datadog for anomaly detection and alert triage.
• Incident Response & Forensics: Ability to analyze logs, investigate breaches, respond to incidents, and implement longterm mitigation.

Governance, Risk & Compliance

• Knowledge of frameworks like NIST, ISO 27001, CIS Benchmarks, SOC 2, and PCIDSS.

Collaboration & Communication

• Ability to work crossfunctionally with developers, operations teams, and business stakeholders to drive a securityfirst culture.
• Strong documentation and communication skills.

Nice to Have

• Experience with Semarchy xDM or Semarchy deployment workflowsbeneficial for teams leveraging Semarchy as part of their application deployment lifecycle. (The platform is used in deployment processes across certain projects, making familiarity a plus.)