DevSecOps Sr. Engineer

DevSecOps Sr. Engineer: DevSecOps Integration: Collaborate with development, operations, and security teams to embed security practices into the entire software development lifecycle Implement and maintain automated security controls throughout the CI/CD pipeline. Proven experience in both DevOps and SRE roles, with a focus on security integration. Strong knowledge of cloud platforms (e.g., AWS, Azure, GCP) and container orchestration tools (e.g., Kubernetes). Proficiency in scripting languages (e.g., Python, Bash) for automation. Infrastructure as Code (IaC): Leverage Infrastructure as Code principles to automate the provisioning and configuration of infrastructure components with a strong focus on security

• Implement security controls using tools such as Terraform, Ansible, or Chef.
• Continuous Monitoring and Incident Response: Establish and maintain continuous monitoring solutions to detect security incidents and vulnerabilities. Develop and execute incident response plans in collaboration with relevant teams. SRE Best Practices:
• Apply SRE principles to enhance system reliability, performance, and availability.
• Implement and maintain service level objectives (SLOs) and service level indicators (SLIs) for critical services.

Security Automation: Develop and maintain security automation scripts and tools to streamline security operations tasks. Integrate security testing tools into the CI/CD pipeline for automated vulnerability scanning.

• Collaboration with Development Teams: Work closely with software development teams to understand application architecture and provide guidance on secure coding practices. Conduct regular security reviews of code and architecture. Threat Modeling: Perform threat modeling exercises to identify and address potential security risks in applications and infrastructure
• Provide recommendations for mitigating identified threats. 8. Security Awareness and Training: Promote security awareness and provide training to development and operations teams on secure coding and operational practices. Stay informed about the latest security threats and trends. Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field. Relevant industry certifications such as CISSP, AWS Certified Security, or Certified Kubernetes Security Specialist (CKS). Skills: Expertise in security best practices and methodologies.
• Hands-on experience with security tools and technologies. Strong problem-solving and analytical skills. Excellent communication and collaboration skills