The DevSecOps Engineer integrates security practices into the DevOps process, ensuring that software development, deployment, and operations are secure from end to end.
Experience: 6-10 yrs
Mandatory Skills
CI/CD Pipelines, Secure IaC templates, security monitoring tools, Devsecops
Required Skills:
Programming & Scripting
Python, Bash, Go, Ruby, JavaScript
Regular expressions for parsing and automation
Security Fundamentals
Cryptography (TLS, SSL, encryption standards)
Authentication & Authorization (OAuth2, SAML, JWT)
Secure coding practices and OWASP Top 10
Cloud Security
Identity and Access Management (IAM)
Cloud-native security tools (e.g., AWS GuardDuty, Azure Security Center)
Cloud workload protection platforms (CWPP)
Container & Orchestration Security
Docker security best practices
Kubernetes RBAC, Network Policies, Pod Security Standards
Container scanning tools (e.g., Anchore, Sysdig)
Networking & Firewalls
VPNs, proxies, load balancers
Network segmentation and zero-trust architecture
Compliance & Auditing
SOC 2, PCI-DSS, HIPAA, GDPR
Audit logging and forensic analysis
Tools & Platforms
Security Testing
Static Analysis: SonarQube, Semgrep, Fortify
Dynamic Analysis: OWASP ZAP, Burp Suite
Dependency Scanning: Snyk, WhiteSource, Mend.io
Secrets Detection: GitLeaks, TruffleHog
CI/CD & Automation
Jenkins, GitHub Actions, GitLab CI, CircleCI
ArgoCD, Spinnaker
Cloud Platforms
AWS, Azure, Google Cloud Platform (GCP)
HashiCorp Vault (for secrets management)
Terraform, Pulumi (Infrastructure as Code tools)
Monitoring & Logging
Prometheus, Grafana
ELK Stack (Elasticsearch, Logstash, Kibana)
Splunk, Datadog
Vulnerability Management
Qualys, Nessus, OpenVAS
Prisma Cloud, Aqua Security
Identity & Access Management
Okta, Auth0, AWS IAM
Keycloak
Responsibilities:
1. Security Integration in CI/CD Pipelines
Embed security checks (e.g., SAST, DAST, SCA) into continuous integration and deployment workflows.
Automate vulnerability scanning and remediation.
2. Infrastructure as Code (IaC) Security
Secure IaC templates (e.g., Terraform, CloudFormation).
Implement policies to prevent misconfigurations and enforce compliance.
3. Monitoring & Incident Response
Set up security monitoring tools (e.g., SIEM, IDS/IPS).
Respond to security incidents and perform root cause analysis.
4. Threat Modeling & Risk Assessment
Conduct threat modeling during design and development phases.
Assess risks and recommend mitigation strategies.
5. Tooling & Automation
Select and integrate security tools (e.g., SonarQube, Aqua Security, HashiCorp Vault).
Automate security tasks to reduce manual effort and human error.
6. Compliance & Governance
Ensure adherence to standards like ISO 27001, NIST, GDPR, HIPAA.
Maintain audit trails and documentation for compliance.
7. Collaboration & Training
Work closely with developers, operations, and security teams.
Educate teams on secure coding practices and DevSecOps principles.
...Qualifications: Salesforce Marketing Email Specialist Certification / experience with Marketing Cloud Excellent communications skills to be able to coordinate activities of multiple teams JavaScript / HTML Experience in REST/SOAP web services Experience...
Want to live and work close to Vancouver? PediaStaff needs a great School Psychologist to work full-time hours for the 25/26 school year with a district in the Vancouver area, and we are ready to interview now! * You will know you're in great hands working for PediaStaff...
Short Description: Were looking for an Email andRetention Marketing Specialist plays an integral role on the client team by executing calendar... ...Competitive salary in USD &##127758; Location: 100% Remote open to LATAM &##128483; Language Requirements: Advanced...
(Only QUALIFIED Healthcare Professionals accepted) Psychiatry/Mental Health-NP - PSYCHIATRIC NURSE PRACTITIONER OPPORTUNITY LOCATION: Presque Isle, ME Exceptional Outpatient Mental Health Clinic We are seeking a qualified Psychiatric Nurse Practitioner to join...
TeamHealth has an excellent opportunity for a psychiatric nurse practitioner to join our behavioral health team working full-time or part-time in Providence, Rhode Island. We ask that you be board certified or board eligible. Geriatric experience is preferred, but not required...