Key Responsibilities

Development & Automation:

• Implement and manage security tools and technologies within the CI/CD pipeline (SAST, DAST, SCA, IAC scanning).
• Automate key security processes, including compliance checks,vulnerability scanning, and incident response.
• Develop scripts and tools (using Python, Bash, PowerShell, etc.) to create solutions that enhance security and operational efficiency.
• Test and validate the security of new systems, applications, and infrastructure before deployment.

Security & Compliance:

• Proactively identify, assess, and remediate security vulnerabilities and potential threats across our cloud and on-premises environments.
• Develop, implement, and maintain security strategies, controls, and governance frameworks.
• Ensure compliance with relevant industry standards and regulations (e.g., SOC 2, ISO 27001, GDPR, HIPAA).
• Promote cybersecurity awareness and best practices across development and operations teams.

Operations & Collaboration:

• Work closely with Software Development, DevOps, and IT Operations teams to ensure seamless and secure operations.
• Monitor the overall health, performance, and security of our network and infrastructure.
• Participate in incident response activities and conduct blameless post-mortems to drive improvements.
• Manage and configure cloud security posture management (CSPM) and cloud workload protection platforms (CWPP).

Must-Have Skills and Qualifications:

• 1+ years of experience in a Dev SecOps, Security Engineering, or DevOps role with a strong security focus.
• Solid grasp of core security concepts (CIA triad, threat modeling, zero trust).
• Strong understanding of the entire Software Development Lifecycle (SDLC) and Agile methodologies.
• Proficiency in at least one programming language such as Python, Java, or Go and scripting with Bash or PowerShell.
• Hands-on experience with CI/CD tools (e.g., Jenkins, GitLab CI, GitHub Actions, Circle CI) and integrating security tools into them.
• Deep familiarity with cloud platforms (AWS, Azure, or GCP) and their native security tools.
• Experience with Infrastructure as Code (IaC) tools like Terraform or CloudFormation and their security scanning.
• Knowledge of containerization (Docker) and orchestration technologies (Kubernetes) and their security best practices.
• Excellent problem-solving, analytical, and communication skills.