About the Role:

We are seeking a DevSecOps Engineer to bridge the gap between web development, operations, and security. You will be responsible for developing secure web applications, managing CI/CD pipelines, and implementing robust cloud and network security practices across our infrastructure.

Key Responsibilities:

• Design, develop, and deploy secure, scalable web applications using modern frameworks (e.g., React, Node.js, Django).
• Build and maintain CI/CD pipelines (GitHub Actions, Jenkins, or GitLab CI).
• Integrate automated security testing into the development pipeline (SAST, DAST, SCA).
• Monitor cloud infrastructure (AWS/GCP/Azure) and implement security best practices (IAM, VPCs, security groups, etc.).
• Conduct regular threat modeling, vulnerability assessments, and penetration testing.
• Automate infrastructure using Infrastructure as Code (Terraform, Ansible).
• Collaborate with development and IT teams to ensure DevOps and security alignment.
• Respond to and investigate incidents involving infrastructure or application compromise.

Required Skills & Experience:

• 3+ years of experience in DevOps or Site Reliability Engineering.
• 2+ years of hands-on web development experience.
• Solid knowledge of network security principles (e.g., firewalls, IDS/IPS, TLS, VPN).
• Experience with Docker and Kubernetes in production environments.
• Familiarity with OWASP Top 10 and secure coding practices.
• Scripting skills in Bash, Python, or similar languages.
• Experience with logging/monitoring tools (ELK stack, Prometheus, Grafana).
• Understanding of authentication protocols (OAuth2, SAML, etc.).

Preferred Qualifications:

• Certifications: OSCP, CEH, or AWS Security Specialty.
• Experience with zero trust security architecture.
• Contributions to open-source DevSecOps or security tools.