Senior DevSecOps & Cloud Security Engineer

Job Description: 
We are looking for a highly skilled Senior DevSecOps & Cloud Security Engineer to join our team. The ideal candidate will have deep expertise in securing modern software delivery pipelines, cloud infrastructures, and applications across dynamic environments. This role requires hands-on experience in DevSecOps, cloud-native security, and compliance automation. 

Key Responsibilities & Skills: 

• CI/CD Security – Secure pipelines (Jenkins, GitHub, GitLab, Azure DevOps), implement code signing, and ensure artifact integrity.
• IaC Security – Harden Terraform, Ansible, Helm; enforce “policy as code” using OPA, Checkov, tfsec.
• Container Security – Perform Docker/Podman image scanning, apply runtime protection with Falco, AppArmor, SELinux.
• Secrets Management – Manage Vault, KMS, Sealed Secrets, SOPS; implement secure secret storage and rotation.
• Application Security – Conduct SAST, DAST, SCA; apply OWASP Top 10 and API security testing.
• Cloud Security – Manage AWS/Azure/GCP IAM; apply CIS Benchmarks; leverage GuardDuty, Security Center, Defender.
• Compliance & CIS Benchmark – Hands-on with CIS-CAT Lite, STIGs, NIST, PCI-DSS automation.
• Penetration Testing – Perform web app pentests, network pentests, container escape simulations, exploit vulnerabilities, and deliver reports.
• SIEM & Threat Detection – Use ELK/EFK, Splunk, Wazuh; conduct Syslog analysis and incident correlation.
• Incident Response & Forensics – Develop playbooks, perform RCA, malware analysis, and insider threat management.
• Monitoring & Security Tools – Implement Prometheus, Grafana dashboards, and automate security alerting.
• Certifications (Preferred) – CKS, OSCP, CEH, Security+, AWS Security Specialty, CISSP.
• Documentation & Knowledge Sharing – Create security runbooks, compliance documentation, and reporting.