Role: DevSecOps Engineer
Experience: >3 yrs
Notice Period: Immediate
● Understand the concepts of assessing risk. Train and assess development teams for secure
best practices to secure the products.
● Configuring, and administrating technologies for the Security CI/CD Pipeline including SAST,
DAST, IAST, OSS.
● Help software development teams to understand, and remediate security findings
● Construct threat models with development teams
● Work with development teams throughout the entire SDLC to ensure code is secure by design,
and all the way through production deployment.
● Assist in the development of internal security policies, procedures, and guidelines.
● Perform VAPT and security business logic tests on the applications to make sure the products
● Have knowledge of implementation/management of SIEM (Security and event monitoring).
● Be on track with the emerging security technologies and implement the same across the
Required Knowledge and Skills:
● 3-5 years experience as a security professional
● 3-5 yrs. of experience or equivalent skills in writing secure software with modern languages
● Have strong knowledge on methodologies like OWASP, SANS, etc.
● Have hands-on experience in security tools like Veracode, Fortify, Appscan, etc.
● Excellent oral, and written communication
● Experience or understanding/implementation of DevSecOps practices, and CI/CD pipelines
● Source control with Git, and code hosts such as Github, BitBucket, etc...
● Experience or understanding of Infrastructure as Code (Terraform, CloudFormation, etc.)
● Experience in Implementation of WAF rules in the cloud.
● Hand on experience in AWS clouds
● Have basic knowledge of Containerization with Docker, and related orchestration tools such as
Kubernetes, Nomad, etc...
● Security focused mindset, in addition to experience with security-oriented tooling, threat
● Bachelor's degree in a related field of work or equivalent work experience.
● Any of the Security certifications like CISSP, ECSA, OSCP, etc is a plus