Senior DevSecOps Engineer

Colombo, Sri Lanka

Duration: 6 months to 1 year

Key Responsibilities

  • Vulnerability & Penetration Testing
    • Perform comprehensive VAPT exercises across web, mobile (Android & iOS), API, network, and server environments
    • Conduct both manual and automated assessments
  • Reporting & Remediation
    • Produce detailed VAPT reports covering findings, impact, exploitability, and recommended mitigations
    • Collaborate with development and DevOps teams to validate and remediate vulnerabilities; support retesting.
  • DevOps Support
    • Support DevOps operations for secure deployments and maintenance. Clear understanding of standalone and managed Kubernetes clusters, CI/CD tools, and platform engineering.
    • Exposure to cloud environments in AWS, GCP and Huawei.
  • Tooling & Automation
    • Integrate security tools into CI/CD pipelines (SAST/DAST/IAST) and enhance scanning capabilities.
    • Drive automation of repetitive tasks to improve efficiency
  • Threat Intelligence
    • Stay current on OWASP Top 10, SANS Top 25, MITRE ATT&CK. Apply emerging attack techniques for validation.

Required Experience & Skills

  • 3+ years in VAPT, offensive security or application security.
  • Hands-on experience testing web apps, mobile apps, APIs, servers, and network infra.
  • Experience with DevOps practices, CI/CD pipelines, and cloud environments in a business-critical enterprise environment.
  • Proficiency with tools: Burp Suite, Metasploit, Nessus, Nmap, etc.
  • Familiarity with security frameworks and standards: OWASP, SANS, MITRE, NIST.
  • Experience with secure code review (manual & automated).
  • Scripting/programming capabilities: Python, Bash, PowerShell, etc.
  • Strong communication skills: able to explain technical risks to both tech and non-tech stakeholders.
  • Relevant certifications encouraged: eJPT, OSCP, eCPPT, PNPT, OSWE.


Tags: Android APIs Application security Automation AWS Bash Burp Suite CI/CD Cloud DAST DevOps DevSecOps GCP IAST iOS Kubernetes Metasploit MITRE ATT&CK Nessus NIST Nmap Offensive security OSCP OSWE OWASP Pentesting PowerShell Python SANS SAST Scripting Threat intelligence Vulnerabilities

Region: Asia/Pacific
Country: Sri Lanka
