Overview:

The DevSecOps Engineer will integrate security practices into the software development lifecycle (SDLC) and DevOps workflows, ensuring that security is embedded into every phase of system design, development, deployment, and maintenance. This role will involve managing and automating security tools, enforcing best practices for secure coding, infrastructure, and deployment, and ensuring that the organization's systems and platforms are compliant with industry standards and regulations.

Key Responsibilities:

- Implement and enforce security controls across the entire DevOps pipeline (CI/CD), including code, build, deployment, and runtime environments.
- Collaborate with development and operations teams to ensure that security is a priority at
- Integrate static and dynamic security testing tools (e.g., SAST, DAST) into CI/CD pipelines to automatically detect vulnerabilities in code and applications.
- Use automated tools for vulnerability scanning, threat modeling, and compliance checks.
- Ensure that infrastructure and configuration code (e.g., Terraform, CloudFormation) follows security best practices and is free from vulnerabilities.
- Automate security controls and compliance testing for cloud infrastructure (AWS, Azure, GCP) using IaC tools.
- Work with cloud platforms (e.g., AWS, Azure, Google Cloud) to ensure secure configurations, network architecture, and identity and access management (IAM) policies.
- Leverage cloud-native security tools such as AWS GuardDuty, CloudTrail, Security Hub, and Azure Security Center to monitor and respond to threats.
- Secure containerized environments, including Docker, Kubernetes, and orchestrators like EKS and ECS.
- Implement runtime security monitoring for containers and serverless applications.
- Automate incident detection and response workflows for security events using SIEM tools and cloud-native security solutions.
- Respond to security incidents, investigate breaches, and recommend corrective actions.
- Ensure that systems meet regulatory and compliance requirements (e.g., GDPR, HIPAA, PCI-DSS) by embedding security controls and audits into the development process.
- Generate reports and audits to ensure continuous compliance with industry standards.

Experience and Qualifications:

- Minimum of 2-4 years in a DevSecOps or security engineering role with hands-on experience in integrating security within DevOps workflows.
- Strong experience with AWS, Azure, or Google Cloud security services and configurations.
- Familiarity with cloud-native security tools, including AWS GuardDuty, Security Hub, CloudTrail, and similar services.
- Experience with SAST/DAST tools, security vulnerability scanners, and static analysis tools.
- Proficient in using security tools for continuous integration/continuous deployment (CI/CD) pipelines (e.g., SonarQube, Checkmarx, Snyk, OWASP ZAP).
- Strong experience with Terraform, CloudFormation, or similar IaC tools to ensure secure, scalable infrastructure configurations.
- Hands-on experience securing Docker, Kubernetes, EKS, and ECS environments.
- Experience with container security tools like Aqua Security, Twistlock, or Sysdig.
- Experience in handling security incidents, analyzing threats, and conducting post-incident reviews.
- Familiarity with SIEM tools (e.g., Splunk, ELK, Datadog) and security monitoring solutions.