DevSecOps Engineer

The DevSecOps Engineer is responsible for integrating security best practices within the software development lifecycle. The role requires expertise in automation, infrastructure security, and compliance to ensure robust protection of systems and data throughout the development, testing, and deployment processes.

Principal Accountabilities:

• Develop and maintain secure CI/CD pipelines to ensure seamless integration of security measures.
• Implement security tools and practices across development, testing, and deployment phases.
• Conduct vulnerability assessments and provide effective remediation strategies.
• Collaborate with software engineers to integrate security directly into application code.
• Monitor security incidents, respond proactively, and continuously improve security postures.
• Ensure compliance with financial industry regulations and security frameworks.

Roles and Responsibilities:

Does (The tasks / responsibilities that the role performs to address requirements in Key Result Areas):

• Build and maintain automated security processes in CI/CD pipelines.
• Integrate security scanning tools for SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and dependency checks.
• Perform regular vulnerability assessments and collaborate with development teams to remediate findings.
• Implement infrastructure security measures, ensuring the protection of cloud environments and containerized applications.
• Monitor security alerts and incidents, investigating and responding promptly.
• Provide technical guidance to engineering teams on secure coding practices and security design patterns.
• Ensure alignment with industry standards such as OWASP, NIST, and PCI-DSS.

Delivers (The specific outputs / tangible results produced by the role; resources responsible for):

• Secure and automated CI/CD pipelines integrated with security tools.
• Timely identification and remediation of security vulnerabilities.
• Improved security posture across applications and infrastructure.
• Compliance with industry regulations and security frameworks.
• Clear documentation of security practices, incident responses, and compliance measures.

Displays (The Knowledge, Skills, and Behaviors indicating how tasks / responsibilities will be performed):

• Proficiency in cloud security practices with platforms such as AWS and Azure.
• Strong knowledge of container security with tools like Docker and orchestration platforms like Kubernetes.
• Experience with automation tools such as Terraform and Ansible.
• Familiarity with security monitoring and SIEM tools (Security Information and Event Management).
• In-depth understanding of security standards and frameworks, including OWASP, NIST, and PCI-DSS.
• Proactive mindset with the ability to identify and resolve security issues before they escalate.
• Strong collaboration and communication skills to work effectively across diverse teams.

Qualifications:

• Bachelors degree in Computer Science, Cybersecurity, or a related field.
• 5+ years of experience in DevSecOps or a related role.
• Proven expertise in integrating security within agile development and deployment processes.