Senior DevSecOps Engineer

This role requires the definition and execution of the DevSecOps strategy, encompassing the integration of security throughout the CI/CD pipeline and the entire Software Development Life Cycle (SDLC). The role is essential for maintaining the secure and compliant operation of multi-cloud environments (AWS, Azure, GCP) and containerized applications. Candidates must possess profound expertise in security automation, Infrastructure as Code (IaC), and relevant compliance frameworks, such as FedRAMP and NIST.

DevSecOps team plays a crucial role in driving security initiatives by working closely with Engineering, DevOps, InfoSec and Compliance teams to ensure security is embedded throughout the development and deployment lifecycle. The team would also provide clear ownership of security operations, improve risk management, and enable consistent enforcement of security best practices.

• Define DevSecOps strategy and Influence architecture and platform decisions
• Design and implement secure CI/CD pipelines with integrated security controls
• Embed security practices into SDLC (shift-left approach)
• Integrate and operationalize controls aligned with FedRAMP and cloud security best practices
• Apply secure coding practices aligned with OWASP Top 10 to reduce application vulnerabilities
• Automate security testing (SAST, DAST, SCA, container scanning, IaC scanning)
• Define and enforce secure coding standards and best practices
• Secure cloud environments (AWS / Azure / GCP) following FedRAMP security controls (NIST 800-53) where applicable
• Implement identity and access management (IAM), secrets management, and network security controls
• Harden Kubernetes clusters and containerized workloads
• Build and maintain security automation frameworks
• Develop scripts and tools (Python, Go, Bash) to improve security posture
• Monitor vulnerabilities and drive remediation efforts
• Identify and remediate vulnerabilities mapped to OWASP Top 10 categories

• 7+ years of experience in relevant roles
• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field
• Hands-on experience with SAST, DAST, SCA, IaC, and container supply chain security
• Strong understanding of DevOps, DevSecOps, and Security Engineering principles
• Familiarity with compliance frameworks such as FIPS, CIS, FedRAMP, and NIST
• Strong experience with CI/CD tools (Jenkins, GitHub Actions, GitLab CI, etc.)
• Hands-on experience with cloud platforms (AWS, Azure, or GCP)
• Deep understanding of containerization (Docker) and orchestration (Kubernetes)
• Experience with Infrastructure as Code tools (Terraform, CloudFormation, etc.)
• Strong knowledge of application and infrastructure security principles
• Proficiency in scripting or programming languages (Python, Go, Bash, etc.)

Good to have

Good understanding of AI models like Claude, Gemini and any other GPT models

Working knowledge of AI Agents,  MCP, LangChain, LangGraph and securing them

- Complete security & privacy literacy and awareness training during onboarding and annually thereafter

- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):

> Data Classification, Retention & Handling Policy

> Incident Response Policy/Procedures

> Business Continuity/Disaster Recovery Policy/Procedures

> Mobile Device Policy

> Account Management Policy

> Access Control Policy

> Personnel Security Policy

> Privacy Policy