DevSecOps Engineer (Contract)

Role - DevSecOps / Security Enablement

• Embed security controls in CI/CD pipelines (e.g., SAST, DAST, dependency checks, container scans).
• Automate enforcement of security policies (e.g., secret detection, SBOM generation, license policy gates).
• Integrate tools like SonarQube, Trivy, Snyk, Checkov, or custom scanners into pipelines.
• Maintain infrastructure hardening and secure baseline templates (e.g., CIS benchmarks, AMI / Container baselines).
• Co-own audit and logging configurations (e.g., CloudTrail, Security Hub, WAF logs, GuardDuty alerts).
• Maintain and improve secure, automated CICD pipelines.
• Define IaC security validation steps (e.g., Terraform policy-as-code with OPA or Checkov).
• Implement backup, DR, and secrets management workflows in alignment with platform guardrails.
• Support runtime observability with secure logging and alerting pipelines (e.g., ELK / Opensearch, Prometheus, Grafana).
• Support vulnerability triage and incident response processes.
• Maintain operational runbooks with security context for SRE rotations.
• Contribute to secure service rollout (mTLS, ALB/NLB policies, header validations, etc.).
• Collaborate to address hardening gaps in Day 2 operations.

Requirements:

• 4–6 years of combined DevOps/Security Engineering experience.
• Bachelor’s degree in Computer Science, IT or related fields
• Hands-on experience in securing AWS cloud infrastructure (IAM, KMS, GuardDuty, WAF).
• Hands-on experience in commercial security tools (Next GEN Firewalls, Database Activity Monitoring).
• Proven experience integrating security checks into GitOps / CI pipelines (e.g., GitLab CI, GitHub Actions, Jenkins).
• Solid experience with container security: Docker image scanning, Kubernetes RBAC, admission controllers.
• Proficiency in scripting (Bash, Python, or similar) for automation.
• Familiarity with compliance requirements: NIST 800‑53, CIS benchmarks.
• Strong diagnostic skills, especially in cloud networking, TLS configurations, and log analysis.
Experience with IaC (Terraform/Helm), GitOps, and configuration management.

EA License No. – 25C2690 | EA Registration No. - R1330510