Job Description
About the Client
Our client is a leading technology consulting and digital transformation company specializing in delivering innovative data, cloud, and cybersecurity solutions to the financial services industry. With a strong focus on business optimization, cloud technologies, and secure software delivery, the organization partners with enterprise clients to build scalable, resilient, and high-performing digital solutions. Operating across multiple international locations, our client offers professionals the opportunity to work on cutting-edge technologies in a collaborative and growth-oriented environment.
About the Role
We are looking for a DevSecOps Engineer / Senior DevSecOps Engineer to integrate security into the software development and operations lifecycle. This role is responsible for securing cloud environments, applications, and CI/CD pipelines through automation, best practices, and modern security tools.
In addition to DevSecOps responsibilities, experience in Security Operations (SOC), threat detection, and incident response will be highly advantageous, as the role works closely with security teams to strengthen the organization's overall security posture.
Key Responsibilities
- Integrate security into CI/CD pipelines using SAST, DAST, SCA, container, and Infrastructure as Code (IaC) scanning tools.
- Implement and manage security controls across Azure, AWS, and hybrid cloud environments.
- Secure Infrastructure as Code (IaC) using Terraform, ARM, or similar technologies.
- Collaborate with DevOps teams to implement secure coding, testing, and deployment practices.
- Apply container and Kubernetes security best practices, including RBAC, network policies, and image scanning.
- Manage secrets and credentials securely using tools such as Azure Key Vault and AWS Secrets Manager.
- Automate security processes, monitoring, and remediation using scripting and pipeline integrations.
- Improve cloud security posture using Microsoft Defender, Azure Security Center, AWS Security Hub, or similar platforms.
- Apply Identity and Access Management (IAM), Role-Based Access Control (RBAC), and Zero Trust security principles.
- Support vulnerability management and remediation activities.
- Contribute to compliance initiatives, including SOC 2, ISO 27001, and CIS Benchmarks.
- Work closely with Security Operations (SOC) teams to align threat detection and incident response with DevSecOps practices.
Qualifications & Experience
- DevSecOps Engineer: 2–4 years of experience in DevOps, Security, or DevSecOps.
- Senior DevSecOps Engineer: 5+ years of hands-on experience in DevSecOps and cloud security.
- Experience with CI/CD platforms such as Azure DevOps, GitHub Actions, or Jenkins.
- Strong knowledge of Azure and/or AWS cloud platforms.
- Proficiency in PowerShell, Python, Bash, or similar scripting languages.
- Hands-on experience with Infrastructure as Code (Terraform preferred).
- Solid understanding of application security principles, including the OWASP Top 10.
- Knowledge of IAM, RBAC, and network security fundamentals.
Nice to Have
- Experience with security tools such as SonarQube, Snyk, Checkmarx, Prisma Cloud, or similar.
- Experience with Docker, Kubernetes, and Kubernetes security best practices.
- Familiarity with Policy-as-Code solutions such as Open Policy Agent (OPA) or Azure Policy.
- Experience with Microsoft Defender, Azure Sentinel, and Microsoft Intune.
- Knowledge of Kusto Query Language (KQL) for threat detection and analysis.
- Experience with Logic Apps or similar automation platforms.
- Previous experience in Security Operations (SOC), incident response, or threat monitoring.
Interested candidates may send their CV to jobs@mindplus.global