DevOps Engineer

Key Responsibilities:

• Implement automated security control enforcement and assessments to support DevSecOps initiatives.
• Lead the integration of security checks within CI/CD pipelines, ensuring secure delivery processes.
• Perform threat modeling against complex systems to identify potential risks and recommend appropriate controls.
• Direct the adoption of secure cloud computing practices across Azure, AWS, and GCP platforms.
• Enhance secure software development lifecycle (SDLC) processes to reduce security defects in production environments.
• Conduct security assessments for web, mobile, and cloud-based applications.
• Collaborate with development teams to review system architecture, design, and code for vulnerabilities and security flaws.
• Perform detailed threat modeling and risk assessments for applications, providing comprehensive security analysis.
• Lead and conduct security acceptance testing, including penetration testing of applications, APIs, and infrastructure.
• Implement and maintain security toolsets, such as Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
• Work closely with teams to develop and implement mitigations for identified security risks and vulnerabilities.
• Own, manage, and update security standards, specifications, and architectures.
• Lead the evaluation, selection, and implementation of security tools and technologies as part of the security strategy and roadmap.
• Serve as a subject matter expert in security products, infrastructure, and best practices.
• Execute penetration tests and red team exercises in cloud environments to identify potential threats.
• Provide mentorship and guidance to junior team members, fostering a culture of security awareness.

Qualifications & Experience:

• Bachelors degree (required).
• Relevant certifications in Information Security preferred (e.g., OSCP, CISSP, AWS Solutions Architect, Azure Security Engineer, SANS).
• Technical certifications in platforms and tools (e.g., Azure, AWS, Cisco, Palo Alto, Sentinel, Tenable) preferred.
• 5 - 8 years of relevant experience in a security organization, preferably within a financial institution or highly regulated environment.
• Extensive experience with a wide range of security technologies and cloud platforms.
• Proven expertise in performing penetration testing, red team assessments, and application security testing.
• Strong understanding of threat modeling, risk assessment, and secure SDLC practices.