DevSecOps
Bengaluru, Karnataka, India
Tookitaki
Make your financial crime compliance programme effective and sustainable with an award-winning global AML software provider from Singapore.
Location: Bengaluru, Karnataka, India
Roles & responsibilities:
● Collaborate with development teams to integrate security testing and controls into CI/CD pipelines
● Implement security as code practices to automate security checks and enforce policies
● Conduct security assessments and penetration testing to identify vulnerabilities early in the development process
● Provide guidance and training to developers on secure coding practices and common security pitfalls
● Develop and maintain security standards, guidelines, and controls for cloud infrastructure, particularly on AWS
● Monitor cloud environments for security incidents and anomalies, and respond accordingly
● Stay up-to-date with the latest cloud security best practices, threats, and compliance requirements
OKR
● Automate 80% of security checks within CI/CD pipelines using “security as code” practices.
● Maintain 100% compliance with internal security standards and external frameworks
● Reduce the average time to detect, respond to, and resolve security incidents
● Achieve integration of security practices in 90% of development projects.
Requirements:
● 3+ years of experience in cybersecurity, with a focus on DevSecOps and cloud security
● Strong understanding of application security concepts and secure coding practices
● Proficiency in implementing security controls and testing in CI/CD pipelines using tools like Snyk, SonarQube or other shift-left products
● Experience with cloud security controls and best practices, particularly on AWS
● Knowledge of common cloud security threats, such as misconfigured S3 buckets, exposed credentials, and DDoS attacks
● Familiarity with cloud security frameworks like the AWS Well-Architected Framework and CIS Benchmarks
● Excellent communication and collaboration skills to work effectively with development teams
Preferred Skills and Qualifications:
● Certifications such as AWS Certified Security - Specialty, SSCP, CSSLP.
● Experience with Infrastructure as Code (IaC) tools like Terraform and CloudFormation
● Knowledge of cloud security monitoring and incident response best practices
● Familiarity with compliance frameworks like HIPAA, PCI-DSS, and GDPR
● Exposure to the FinTech industry.
Tags: Application security AWS CI/CD Cloud Compliance CSSLP DDoS DevSecOps FinTech GDPR HIPAA Incident response Monitoring OKR Pentesting S3 Security assessment SonarQube SSCP Terraform Vulnerabilities