DevSecOps Developer

Requirement/Must Have:

• Expertise in Python, Bash, Go, Ruby, and JavaScript.
• Proficient with regular expressions for parsing and automation.
• Deep understanding of cryptography (TLS, SSL), authentication/authorization (OAuth2, SAML, JWT), and secure coding (OWASP Top 10).
• Hands-on experience with cloud security tools and practices in AWS, Azure, or Google Cloud Platform.
• Strong knowledge of Docker and Kubernetes security (RBAC, Network Policies, Pod Security).
• Experience with container scanning tools (Anchore, Sysdig).
• Familiarity with SOC 2, PCI-DSS, HIPAA, GDPR, and auditing practices.

Experience:

• Proven experience with SAST (Sonar Qube, Semgrep), DAST (OWASP ZAP, Burp Suite), SCA (Snyk, Mend.io).
• Hands-on experience with CI/CD tools (Jenkins, GitHub Actions, GitLab CI, Circle CI).
• Experience managing cloud platforms (AWS, Azure, Google Cloud Platform).
• Proficient in Infrastructure as Code tools (Terraform, Pulumi).
• Comfortable with monitoring/logging tools (Prometheus, Grafana, ELK, Splunk).
• Experience with secrets management tools (HashiCorp Vault).
• Familiar with vulnerability scanning tools (Qualys, Nessus, OpenVAS).

Responsibilities and Duties:

• Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, secrets scanning).
• Automate vulnerability scanning and remediation across the software supply chain.
• Secure IaC templates and enforce compliance policies.
• Set up SIEM, IDS/IPS tools and respond to incidents.
• Conduct threat modeling and risk assessments during SDLC phases.
• Integrate and manage security tooling (Sonar Qube, Aqua Security, HashiCorp Vault).
• Ensure compliance with security standards (ISO 27001, NIST, GDPR, HIPAA).
• Maintain audit trails and documentation for audits and assessments.
• Collaborate with development and operations teams to embed security best practices.
• Lead security education and awareness initiatives.

Should Have:

• Strong problem-solving and analytical skills.
• Ability to work independently and collaboratively.
• Excellent communication and documentation skills.
• Experience coaching teams in secure development and DevSecOps practices.

Skills:

• Programming: Python, Bash, Go, JavaScript.
• Tools: Jenkins, ArgoCD, Sonar Qube, GitLeaks, Aqua Security, Vault.
• Cloud: AWS, Azure, Google Cloud Platform.
• Security Standards: OWASP, SOC 2, GDPR.
• DevOps: Terraform, Pulumi, Prometheus, Splunk, Grafana.
• IAM: Okta, Auth0, Keycloak.

Qualification and Education:

• Bachelor's degree in Computer Science, Information Security, or related field.
• Relevant certifications (e.g., AWS Security, Google Cloud Platform Security, CISSP, CKS) preferred.