DevSecOps Engineer

Job Summary: As a DevSecOps Engineer, you will play a crucial role in enhancing the security posture and operational efficiency of our software systems. You will collaborate closely with our development, operations, and security teams to integrate security practices seamlessly into our DevOps processes. By leveraging your expertise in secure coding, automation, and cloud technologies, you will ensure the continuous delivery of secure, reliable, and scalable software solutions.

Responsibilities:

Develop and implement security measures throughout the software development lifecycle, including secure coding practices, code reviews, and vulnerability assessments.

Collaborate with development and operations teams to integrate security controls and practices into continuous integration/continuous deployment (CI/CD) pipelines.

Automate security testing and monitoring processes to ensure the identification and remediation of vulnerabilities and security incidents.

Conduct security assessments and penetration testing to identify weaknesses and provide recommendations for improvement.

Design and implement infrastructure security solutions for cloud-based environments, including AWS, Azure, or Google Cloud.

Stay up to date with the latest industry trends, tools, and best practices in DevSecOps, and proactively recommend improvements to enhance our security posture.

Participate in incident response activities and contribute to the development of security incident response plans.Qualifications:

Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience).

Proven experience as a DevSecOps Engineer or a similar role, with a strong focus on security.

Solid understanding of secure coding practices, vulnerability assessments, and penetration testing methodologies.

Proficiency in scripting and automation using languages such as Python, Bash, or PowerShell.

Hands-on experience with CI/CD tools (e.g., Jenkins, GitLab CI/CD) and configuration management tools (e.g., Ansible, Puppet, Chef).

Familiarity with cloud platforms and services (e.g., AWS, Azure, Google Cloud) and implementing security controls within these environments.

Knowledge of containerization technologies (e.g., Docker, Kubernetes) and their security implications.

Familiarity with security tools such as vulnerability scanners, intrusion detection systems, and security information and event management (SIEM) platforms.

Relevant certifications such as CISSP, Certified Ethical Hacker (CEH), or AWS Certified Security - Specialty are a plus.

Reperio Human Capital acts as an Employment Agency and an Employment Business