Senior DevSecOps Engineer

On-Call:

Responsibilities include, but are not limited to:

• Design, implement, and manage security solutions across the entire software development lifecycle (SDLC), with a focus on automation and continuous integration/continuous delivery (CI/CD) pipelines, including robust API security measures and authentication protocols.
• Champion security best practices within engineering, DevOps, SRE, and IT teams, fostering a culture of shared responsibility for security.
• Proactively identify and remediate security vulnerabilities in applications, mitigating OWASP Top 10 vulnerabilities, infrastructure, and cloud services through threat modeling, vulnerability assessments, and penetration testing.
• Develop and maintain security monitoring and alerting solutions to detect and respond to potential security incidents in real-time and prevent common cyber attacks such as DDoS, injection attacks, and credential stuffing.
• Define and enforce secure coding standards and provide training and mentorship to development teams on DevSecOps principles.
• Lead compliance initiatives by contributing to security policies, controls, and audit readiness for SOC 2, ISO 27001, GDPR, and other relevant regulations.

Must-haves:

• Bachelor's degree in Computer Science, Cybersecurity, or a related field.
• 5+ years of experience in DevSecOps, Security Engineering, or a similar role with a strong focus on cloud security.
• 3+ years of hands-on experience with AWS services, including expertise in container orchestration, IAM, and security best practices.
• 2+ years of experience with Kubernetes, including securing Kubernetes clusters and deployments.
• Deep understanding of SAST, DAST, and container security solutions, API security testing tools, with experience implementing and managing these tools.
• Proven experience in vulnerability assessment, threat modeling, and remediation techniques.
• Experience with security incident response, including developing incident response plans and conducting post-mortems.
• Proficiency in at least one programming language (Python, Go, Java, etc.) for automation and tooling.
• Proficiency in infrastructure-as-code tools (e.g., Terraform) and CI/CD platforms (e.g., GitHub Actions, Jenkins).
• Excellent communication and collaboration skills with the ability to work effectively in a fast-paced environment.

Good to have:

• Relevant certifications (AWS Security Specialty, CISSP, CEH, Security+).
• Experience with AI-driven security tools for anomaly detection.
• Experience with Zero Trust principles and implementations.
• Experience in securing PHP - Laravel/Symfony, JS - NuxtJS applications.
• Proficiency in network security, firewall management, VPNs, and network segmentation.
• Contributions to open-source security projects or communities.
• Experience in the telecommunications industry with knowledge of eSIM and GSMA technologies.