DevSecOps Engineer

Are you an experienced Application Security professional with strong DevSecOps experience? If so, you could be the DevSecOps Engineer our client, a global organisation, is looking for! As DevSecOps Engineer, you will be responsible for:

• Security Automation: Design, implement, and maintain security automation tools and pipelines to integrate security into the CI/CD process.
• Security as Code (SaC): Develop and maintain Infrastructure as Code (IaC) with security best practices embedded.
• Vulnerability Management: Implement and manage vulnerability scanning tools, analyze results, and drive remediation efforts.
• Threat Modeling: Participate in threat modeling exercises to identify potential security risks and develop mitigation strategies.
• Security Monitoring and Logging: Implement and manage security monitoring and logging solutions to detect and respond to security incidents.
• Compliance and Auditing: Ensure compliance with relevant security standards and regulations (e.g., ISO 27001, SOC 2, PCI DSS).
• Collaboration: Work closely with development, operations, and security teams to foster a security-first culture.
• Incident Response: Participate in security incident response activities and contribute to post-incident analysis.
• Security Training: Promote security awareness and provide training to development and operations teams.
• Tooling: Manage and improve security tooling, including SAST, DAST, IAST, and container security tools.

Requirements

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Proven experience in a DevSecOps, security engineering, or related role.
• Strong understanding of security principles, best practices, and common vulnerabilities (OWASP Top 10, etc.).
• Experience with CI/CD pipelines (e.g., Jenkins, GitLab CI, CircleCI).
• Proficiency in scripting languages (e.g., Python, Bash, PowerShell).
• Experience with cloud platforms (e.g., AWS, Azure, GCP).
• Experience with containerization and orchestration technologies (e.g., Docker, Kubernetes).
• Familiarity with Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation).
• Knowledge of security scanning tools (e.g., SonarQube, Snyk, Checkmarx).
• Excellent communication and collaboration skills.
• Strong problem-solving and analytical skills.

If you are looking to join a brand new team and be part of exciting projects, do apply to this role now!

EA Licence: 16S8091

EA Reg No.: R1656500