Key Responsibilities
Secure Pipeline Engineering & Automation
- Design, implement, and maintain secure CI/CD pipelines with embedded security controls using Jenkins, GitHub Actions, GitLab CI, and modern DevOps toolchains
- Identify and remediate code vulnerabilities through automated scanning integration, enhancing overall pipeline security posture
- Integrate comprehensive security testing such as SAST, DAST, and SCA throughout the Software Development Lifecycle (SDLC)
- Implement Infrastructure as Code (IaC) security practices using Terraform, Ansible, and cloud-native security controls
- Perform thorough vulnerability assessments and penetration testing across web applications, mobile platforms, APIs, and cloud infrastructure environments
- Conduct threat modeling exercises and security architecture reviews for cloud-native applications and distributed systems
- Execute both automated and manual security assessments following industry-standard methodologies and frameworks
- Design and implement testing strategies that cover the full application stack and infrastructure components
- Implement container security best practices with Docker and Kubernetes security hardening across multi-cloud environments (AWS, GCP, Azure, Huawei Cloud)
- Champion cloud-native security practices including microservices security, service mesh protection, and serverless security controls
- Build and maintain comprehensive security observability, monitoring, and incident response capabilities
- Drive organizational DevSecOps maturity transformation initiatives and cultural change programs
- Ensure alignment with established security frameworks, standards, and regulations (OWASP, NIST, ISO 27001, SOC 2, PCI-DSS, GDPR)
- Lead security training programs and embed security awareness practices across development teams and stakeholders
- Conduct comprehensive security reviews, compliance audits, and post-incident analysis with actionable recommendations
Required Skills and Qualifications
Core DevSecOps Expertise
- 3+ years of hands-on DevSecOps, application security, or cybersecurity experience
- Deep understanding of secure software development lifecycle (SDLC) and DevSecOps principles
- Proven track record of embedding security into CI/CD pipelines and development workflows
Technical Security Skills
- Security Testing Mastery: Advanced proficiency with Burp Suite, OWASP ZAP, Metasploit, Nessus, and custom security tooling
- Code Security: Expert-level secure code review (manual and automated), static/dynamic analysis
- Cloud Security: Comprehensive knowledge of AWS, GCP, Azure security services and cloud-native security patterns
- Container Security: Docker and Kubernetes security hardening, image scanning, runtime protection
- API Security: REST/GraphQL security testing, authentication/authorization, API gateway security
DevOps & Automation Proficiency
- CI/CD Security: Jenkins, GitHub Actions, GitLab CI with embedded security scanning and gates
- Infrastructure as Code: Terraform, Ansible, CloudFormation with security best practices
- Programming & Scripting: Advanced Python, Bash, PowerShell, Go for security automation
- Monitoring & Observability: Security monitoring, SIEM integration, incident response automation
Security Frameworks & Standards
- Deep knowledge of OWASP Top 10, SANS Top 25, MITRE ATT&CK framework
- Experience with compliance frameworks (PCI-DSS, HIPAA, SOX, GDPR, CCPA, ISO 27001)
- Understanding of threat modeling methodologies and risk assessment practices
- Familiarity with security governance and regulatory requirements