Senior DevSecOps Engineer

Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur, Malaysia


DevSecOps Integration:

• Design and implement secure CI/CD pipelines using tools like Jenkins, GitHub Actions (GHAS), and other automation frameworks.

• Manage and integrate security tools such as SonarQube, Checkmarx, and other code quality scanners to ensure secure code development.

Tool Management:

• Oversee the configuration and maintenance of SonarQube, ensuring code quality and security benchmarks are met.
• Manage and optimize Jenkins pipelines for security and efficiency.
• Administer Checkmarx and GHAS for secure coding practices and real-time vulnerability detection.

Security Enforcement:

• Collaborate with developers and operations teams to adopt best practices for security and compliance.
• Conduct static and dynamic security testing (SAST/DAST) and implement policies for secure code delivery.

Automation and Monitoring:

• Develop scripts to automate security checks and enforce compliance standards.
• Set up real-time monitoring for threats and security anomalies using tools integrated into the development lifecycle.

Cross-Team Collaboration:

• Act as a liaison between DevOps, security, and development teams to promote a culture of shared responsibility for security.
• Provide training sessions to upskill teams on the effective use of tools like GitHub, Checkmarx, and SonarQube.

Compliance and Reporting:

• Ensure alignment with industry security standards such as ISO 27001 and NIST.
• Generate detailed security and compliance reports to highlight vulnerabilities and remediation efforts.


Requirements

Technical Expertise:

Proficiency in DevOps tools and practices, including Jenkins, GitHub Actions, and SonarQube.

Hands-on experience with Checkmarx, GHAS, and version control systems like GitHub.

Strong understanding of scripting languages (Python, Bash) for automation.

Familiarity with cloud environments (AWS, Azure, GCP) and container orchestration tools (Docker, Kubernetes).

Experience:

Minimum 4-6 years in a DevSecOps, DevOps, or related role.

Proven ability to implement security measures in CI/CD workflows.

Soft Skills:

• Strong communication and collaboration skills.

• Analytical mindset with a problem-solving approach.

Preferred Qualifications:

Certifications such as Certified DevSecOps Professional, AWS Certified Security Specialty, or equivalent.

Knowledge of advanced security practices for microservices and cloud-native applications.








Tags: Automation AWS Azure Bash Checkmarx CI/CD Cloud Compliance DAST DevOps DevSecOps Docker GCP GitHub ISO 27001 Jenkins Kubernetes Microservices Monitoring NIST Python SAST Scripting SonarQube Vulnerabilities

Region: Asia/Pacific
Country: Malaysia
