Full-Time DevSecOps Engineer

The role & what you'll be doing:

As a DevSecOps Engineer, you will be a key driver in integrating security practices across our development and deployment pipelines, ensuring that every product we deliver is secure, scalable, and resilient. This role requires both a strategic mindset and hands-on engineering skills to design and implement world-class DevSecOps processes. You will work closely with cross-functional teams to build and maintain highly automated CI/CD pipelines, secure infrastructure, and provide rapid response to security incidents.

• Design & Implement CI/CD Pipelines: Develop, optimize, and maintain CI/CD pipelines that integrate automated testing, security scans, and code deployment, ensuring rapid and reliable software releases.
• Infrastructure as Code (IaC): Lead the implementation of infrastructure as code (IaC) using tools like Terraform, CloudFormation, or AWS CDK, ensuring consistent and scalable environments across all stages of development.
• Security Automation: Automate security checks within CI/CD pipelines, embedding vulnerability management, code analysis, and dependency checks directly into the software development process.
• Cloud Infrastructure Management: Manage secure and scalable cloud environments (AWS, Azure, GCP) to support both production and development needs, optimizing for performance, availability, and cost.
• Monitoring and Logging: Implement advanced monitoring and logging systems to track application and infrastructure performance, security threats, and anomalous behavior, ensuring rapid detection and response to incidents.
• Incident Response and Threat Management: Develop, maintain, and execute incident response plans, including forensics and post-incident reviews, ensuring the ability to detect, respond to, and recover from breaches effectively.
• Disaster Recovery and Resilience: Architect disaster recovery strategies, ensuring that systems have robust backup and restoration processes in place to guarantee high availability and rapid recovery.
• Compliance and Risk Management: Ensure that all systems meet regulatory and compliance standards (e.g., SOC 2, GDPR), working with relevant stakeholders to manage audits and ensure proper documentation.

Join the team if you:

• Have 5+ years experience with DevOps tools such as Jenkins, GitLab CI, and infrastructure automation with Terraform, CloudFormation, or AWS CDK.
• Have 5+ years experience in managing and securing infrastructure on cloud platforms (AWS, GCP, or Azure), with a focus on automation, scalability, and high availability.
• Have expertise in vulnerability management, threat modeling, and security monitoring, with hands-on experience integrating security into CI/CD pipelines.
• Are proficient in automation scripting with languages like Python, Bash, or PowerShell.
• Have experience implementing monitoring solutions and leading incident response teams during security events.
• Have experience with compliance frameworks such as SOC 2, GDPR, ISO 27001, and handling related audits.