Who we're looking for
We're in search of a skilled Senior DevSecOps Engineer with at least 5 years of experience in a similar role. The ideal candidate has expertise in integrating security into CI/CD pipelines, managing cloud infrastructure security, and implementing Zero Trust architecture across a global platform and organization.
Responsibilities
- Integrate security practices into CI/CD pipelines, automating deployments to ensure compliance with security standards.
- Design, implement, and manage secure infrastructure solutions using Terraform and other Infrastructure as Code (IaC) tools.
- Oversee cloud infrastructure security, particularly within AWS, through active monitoring and vulnerability management.
- Plan and forecast security project budgets and resources to align with organizational goals.
- Deliver security training to development teams, emphasizing secure development processes and best practices.
- Document security guidelines aligned with industry standards, providing clear, actionable guidance for development teams.
- Develop and integrate security tools, assessing their effectiveness through continuous monitoring.
- Analyze, report, and refine security metrics to drive ongoing improvements in security posture.
- Automate container vulnerability management, including pre-deployment scanning of container images, rescanning, and reporting.
- Set up and maintain Zero Trust architecture for internal development environments.
- Refine SIEM by integrating new sources and configuring alerts to enhance security monitoring capabilities.
- Support compliance efforts, particularly for PCI DSS and SOC 2 standards.
- Enhance secrets management practices across the organization.
- Strengthen CI/CD InfraSec controls, including monitoring for secrets and detecting vulnerable images.
- Harden Kubernetes environments by configuring security groups, network policies, and IAM.
Requirements
- Minimum 5 years of experience in DevSecOps or infrastructure security.