Senior DevSecOps Engineer

About the Role

Key Responsibilities

• Integrate security into CI/CD pipelines (SAST, DAST, SCA, artifact signing, commit verification).
• Implement runtime security for containers using tools like Trivy, Aqua, Falco, and AppArmor.
• Design, deploy, and maintain Infrastructure as Code (Terraform, Ansible) with embedded policy controls (OPA, Sentinel).
• Automate vulnerability scanning, risk reporting, and remediation workflows.

• Secure AWS or multi-cloud environments with strong IAM policies, security groups, KMS, and GuardDuty.
• Implement Kubernetes security controls: RBAC, NetworkPolicies, PodSecurityPolicies, and admission controllers.
• Manage service mesh (Istio) and mTLS configurations for zero-trust architectures.
• Enforce container hardening and image scanning processes across clusters.

• Manage secrets and credentials using Vault, AWS Secrets Manager, or SOPS.
• Support compliance automation for SOC2, ISO 27001, and PCI-DSS frameworks.
• Maintain signed artifacts and auditable build pipelines using tools like Cosign.

• Develop and maintain threat models for infrastructure and services.
• Implement continuous monitoring and alerting for vulnerabilities and misconfigurations.
• Collaborate with engineering teams to address OWASP Top 10 and CVE/CWE risks.

• Build and extend internal security tools using Python, Bash, or Go.
• Integrate open-source and commercial security tools (Snyk, SonarQube, OWASP ZAP, Burp Suite).
• Conduct security assessments, penetration testing, and continuous validation.

Required Skills & Qualifications

• 8+ years of experience in DevOps, cloud security, or DevSecOps roles.
• Deep understanding of OWASP Top 10, CVE/CWE databases, and threat modeling.
• Hands-on experience with SAST/DAST/SCA tools and pipeline integration.
• Strong background in Terraform, Ansible, and Infrastructure as Code security.
• Advanced knowledge of Kubernetes security, container hardening, and runtime protection.
• Proficiency in AWS security features (IAM, KMS, Security Hub, GuardDuty).
• Experience with secrets management tools (Vault, SOPS, AWS Secrets Manager).
• Familiarity with compliance automation for SOC2, ISO 27001, or PCI-DSS.
• Strong scripting and automation skills (Python, Bash, Go).
• Experience implementing zero-trust architectures and service mesh security (Istio, cert-manager).

Preferred Qualifications

• Relevant certifications (CISSP, CKA/CKS, AWS Security Specialty, OSCP, or similar).
• Experience securing hybrid or multi-cloud environments.
• Contributions to open-source security tools or DevSecOps frameworks.

Who We are...

SmarTek21, founded in 2006, is an innovative digital transformation leader dedicated to empowering organizations through design-led, data-centric solutions. We believe that exceptional user experiences and intelligent data-driven insights are pivotal in shaping the future of business. At the heart of our approach is Design-Led Engineering, where we combine strategic design principles with cutting-edge technology to create tailored solutions that deliver significant business outcomes. Our commitment to accelerating digital transformation includes specialized expertise in Agile DevOps, Data Engineering and analytics, Testing Automation and support, and comprehensive Managed Application and Infrastructure Services. We’ve evolved from our consulting and development roots into a full-spectrum service provider, integrating advanced technologies like Generative AI (GenAI) to facilitate our clients' seamless, transformative digital journeys. A passion unites our dynamic team of technology visionaries and business strategists for innovation and excellence. At SmarTek21, you'll join a collaborative environment dedicated to shaping the digital landscape and driving impactful results for organizations worldwide.

SmarTek21 is committed to fostering a diverse and inclusive environment. We encourage applications from individuals of all backgrounds and experiences.