Job Description

Job Description – Security Engineer / DevSecOps Engineer
Core Security Expertise
- Secure SDLC: Implement and embed security practices across all phases of the software development lifecycle—from design through deployment.
- Threat Modeling: Use frameworks such as STRIDE, DREAD, or PASTA to proactively identify and mitigate architectural and implementation risks.
- Vulnerability Management: Conduct vulnerability assessments using tools like Nessus, Qualys, or OpenVAS and deliver actionable remediation plans.
- Application Security: Strong understanding of OWASP Top 10 risks and hands‑on experience with SAST, DAST, IAST, and RASP tools.
- Identity & Access Management: Implement IAM principles such as least privilege, RBAC/ABAC, SSO, and MFA.
Development & Automation
- Programming/Scripting: Proficiency in Python, Bash, Go, or JavaScript.
- CI/CD Security: Secure and harden pipeline tools including Jenkins, GitHub Actions, GitLab CI, and Azure DevOps. Integrate automated security testing into CI/CD workflows.
- Infrastructure‑as‑Code Security: Experience with Terraform, CloudFormation, and Ansible. Familiarity with security scanners such as Checkov, tfsec, Terrascan, and Policy‑as‑Code (OPA/Conftest).
- Container & Orchestration Security: Practical experience securing Docker, Kubernetes, and Helm ecosystems. Exposure to Trivy, Anchore, Falco, and Kyverno.
Cloud & Platform Security
- Cloud Security: Strong understanding of AWS, Azure, or GCP security components (IAM, VPC, KMS, WAF, Secrets Manager). Experience with CSPM or CWPP tools.
- Secrets Management: Hands‑on experience with Vault, AWS Secrets Manager, SOPS, or equivalent secret‑management solutions.
Monitoring, Detection & Incident Response
- Security Monitoring & SIEM: Experience using Splunk, ELK, Sentinel, Panther, or Datadog for anomaly detection and alert triage.
- Incident Response & Forensics: Ability to analyze logs, investigate breaches, respond to incidents, and implement long‑term mitigation.
Governance, Risk & Compliance
- Knowledge of frameworks like NIST, ISO 27001, CIS Benchmarks, SOC 2, and PCI‑DSS.
Collaboration & Communication
- Ability to work cross‑functionally with developers, operations teams, and business stakeholders to drive a security‑first culture.
- Strong documentation and communication skills.
Nice to Have
- Experience with Semarchy xDM or Semarchy deployment workflows—beneficial for teams leveraging Semarchy as part of their application deployment lifecycle. (The platform is used in deployment processes across certain projects, making familiarity a plus.)
