Sr. DevOps Security Engineer

We are seeking a skilled and proactive Sr. DevOps Security Engineer to play a key part in the security of our organization’s infrastructure and software development lifecycle, driving both technical security improvements and overall IT support. The Sr. DevOps Security Engineer must have a strong background in security, with the ability to provide IT support, assess and remediate vulnerabilities, and collaborate cross-functionally to enhance our overall security posture. 

This role will focus on protecting the organization’s data and systems, identifying and mitigating vulnerabilities, and ensuring secure practices across our development pipelines and cloud infrastructure. This is an excellent opportunity to combine skills in cybersecurity, vulnerability management, and IT support with a strong focus on securing our development pipelines and cloud infrastructure. The ideal candidate will be responsible for safeguarding the organization’s systems, data, and networks, while also providing internal IT support, especially around security-related issues.

RESPONSIBILITIES

• Vulnerability and Risk Management: Conduct regular vulnerability assessments and scans using industry-standard tools (e.g., Nessus, Qualys, OpenVAS) to identify risks and security gaps in systems, networks, and applications. Analyze findings, categorize severity, and recommend remediation actions.

• Security Incident Response: Monitor and analyze security logs, system activity, and network traffic to identify potential threats and vulnerabilities. Respond to and resolve security incidents by investigating, mitigating, and communicating findings.

• Security Tools and Infrastructure: Implement and maintain security tools (e.g., firewalls, IDS/IPS, SIEM) to ensure the organization’s infrastructure is secure. Manage cloud security posture, including access controls, encryption, and compliance with industry standards (AWS, Azure, GCP).

• DevOps Security Integration: Design and implement security controls within CI/CD pipelines and develop automated security testing and validation tools to be integrated into the DevOps workflow. Collaborate with development teams to ensure secure deployment practices, such as secrets management and IAM.

• Security Compliance and Reporting: Ensure security compliance with internal and external standards (e.g., GDPR, ISO 27001, SOC2). Develop and maintain security policies, procedures, and best practices for vulnerability management, and track remediation progress.

• IT Support: * Assist in securing internal systems, patch management, and endpoint protection. Support IT infrastructure tasks with an emphasis on security best practices.

• Collaboration and Training: Work cross-functionally with DevOps, IT, and other teams to implement security improvements. Assist in the creation of security training materials and provide ongoing security awareness education to internal teams.

• Emerging Threats and Trends: Stay current with emerging security threats, vulnerabilities, and best practices. Analyze threat intelligence feeds and provide recommendations to improve security posture across the organization.

QUALIFICATIONS

• Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience)

• Minimum of 3-5 years of experience in a DevOps or Security Analyst role, with a focus on DevOps security

• CISSP certification mandatory

• Strong understanding of DevOps processes and tools (e.g., Jenkins, GitLab CI/CD, Docker, Kubernetes, Terraform)

• Experience with security tools and practices in a DevOps environment, including vulnerability scanning, security testing (SAST/DAST), and compliance monitoring

• Knowledge of cloud security practices and platforms (AWS, Azure, Google Cloud)

• Experience with container security and orchestration tools (Docker, Kubernetes)

• Familiarity with infrastructure as code (IaC) tools such as Terraform, CloudFormation, or Ansible

• Strong understanding of secure coding practices and application security concepts

• Knowledge of security standards and frameworks (e.g., NIST, OWASP, CIS, ISO 27001).

• Experience with SIEM, threat intelligence, and incident response processes

• Familiarity with regulatory requirements such as GDPR, PCI-DSS, or HIPAA

• Strong scripting skills in languages such as Python, Bash, or Go

• Ability to collaborate and communicate effectively with cross-functional teams, including developers, IT, and security professionals

• Experience with monitoring and logging tools like Splunk, ELK Stack, or Datadog

•  Experience in deploying and securing microservices architectures a bonus

•  Familiarity with automated compliance tools and auditing a bonus

•  Understanding of data protection and encryption techniques a bonus