Job Description:
We are seeking a skilled and experienced DevSecOps Engineer with a strong specialization inAWS to join our dynamic team. In this role, you will play a pivotal role in ensuring the security and integrity of our software development processes on AWS. Your expertise in AWS, Rego policies, and Terraform will be instrumental in building a secure and efficient development pipeline.
Responsibilities:
* Develop, implement, and maintain Rego policies to enforce security controls and compliance standards within our AWS infrastructure and applications.
* Collaborate with development and operations teams to integrate security into the AWS-focused CI/CD pipeline, ensuring security checks and scans are automated and seamlessly incorporated.
* Leverage your AWS expertise to architect and implement secure microservices and containerized applications, ensuring compliance with AWS security best practices.
* Design and implement infrastructure-as-code (IaC) using Terraform to define and manage AWS resources securely and efficiently.
* Perform thorough security assessments on AWS environments, utilizing AWS-specific security tools and technologies, to identify and address potential vulnerabilities.
* Conduct threat modeling and risk assessments for AWS deployments, designing effective security solutions tailored to AWS services.
* Collaborate with cross-functional teams to respond to AWS-specific security incidents promptly, conduct root cause analysis, and implement corrective actions.
* Stay current with AWS advancements, industry security trends, and best practices, sharing knowledge and insights with team members.
* Drive a culture of security awareness specific to AWS environments, ensuring security considerations are integrated throughout development. Requirements:
* Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
* Proven experience as a DevSecOps Engineer with a strong focus on AWS
* Expertise in Rego policies and policy-as-code practices especially with implementation in AWS In-depth understanding of AWS services, security controls, and best practices.
* Proficiency in using AWS-specific security tools, vulnerability scanners, and penetration testing tools.
* Strong experience with infrastructure-as-code (IaC) using Terraform for AWS resource provisioning and management.
* Familiarity with CI/CD pipelines and automation tools (e.g., Jenkins, GitLab CI/CD) with AWS integrations.
* Solid knowledge of AWS security frameworks, standards, and compliance requirements.
* Strong understanding of container security in AWS and experience securing microservices.
* Excellent communication and collaboration skills, with a proven ability to work effectively in cross functional teams.
* Relevant AWS certifications such as DevOps Engineer, Google Professional Cloud Security Engineer, or similar certifications are highly advantageous.