DevSecOps Engineer

We are hiring a Senior DevSecOps / Security Engineer with 8 years of experience securing AWS cloud on-prem infrastructure DevOps platforms MLOps environments CI/CD pipelines container orchestration and data/ML platforms. This role is responsible for creating and maintaining a unified security posture across all systems used by DevOps and MLOps teams - including AWS Kubernetes EMR MWAA Spark Docker GitOps observability tools and network infrastructure.

Key Responsibilities:

1. Cloud Security (AWS)-

• Secure all AWS resources consumed by DevOps/MLOps/Data Science: EC2 EKS ECS EMR MWAA S3 RDS Redshift Lambda CloudFront Glue Athena Kinesis Transit Gateway VPC Peering.
• Implement IAM least privilege SCPs KMS Secrets Manager SSO & identity governance.
• Configure AWS-native security: WAF Shield GuardDuty Inspector Macie CloudTrail Config Security Hub.
• Harden VPC architecture subnets routing SG/NACLs multi-account environments.
• Ensure encryption of data at rest/in transit across all cloud services.

2. DevOps Security (IaC CI/CD Kubernetes Linux)-

Infrastructure as Code & Automation Security:

• Secure Terraform CloudFormation Ansible with policy-as-code (OPA Checkov tfsec).
• Enforce misconfiguration scanning and automated remediation.

CI/CD Security:

• Secure Jenkins GitHub GitLab pipelines with SAST DAST SCA secrets scanning image scanning.
• Implement secure build artifact signing and deployment workflows.

Containers & Kubernetes:

• Harden Docker images private registries runtime policies.
• Enforce EKS security: RBAC IRSA PSP/PSS network policies runtime monitoring.
• Apply CIS Benchmarks for Kubernetes and Linux.

Monitoring & Reliability:

• Secure observability stack: Grafana CloudWatch logging alerting anomaly detection.
• Ensure audit logging across cloud/platform layers.

3. MLOps Security (Airflow EMR Spark Data Platforms ML Pipelines)-

Pipeline & Workflow Security:

• Secure Airflow/MWAA connections secrets DAGs execution environments.
• Harden EMR Spark jobs Glue jobs IAM roles S3 buckets encryption and access policies.

ML Platform Security:

• Secure Jupyter/JupyterHub environments containerized ML workspaces and experiment tracking systems.
• Control model access artifact protection model registry security and ML metadata integrity.

Data Security:

• Secure ETL/ML data flows across S3 Redshift RDS Glue Kinesis.
• Enforce data versioning security lineage tracking PII protection and access governance.

ML Observability:

• Implement drift detection (data drift/model drift) feature monitoring audit logging.
• Integrate ML monitoring with Grafana/Prometheus/CloudWatch.

4. Network & Endpoint Security-

• Manage firewall policies VPN IDS/IPS endpoint protection secure LAN/WAN Zero Trust principles.
• Conduct vulnerability assessments penetration test coordination and network segmentation.
• Secure remote workforce connectivity and internal office networks.

5. Threat Detection Incident Response & Compliance-

• Centralize log management (CloudWatch OpenSearch/ELK SIEM).
• Build security alerts automated threat detection and incident workflows.
• Lead incident containment forensics RCA and remediation.
• Ensure compliance with ISO 27001 SOC 2 GDPR HIPAA (as applicable).
• Maintain security policies procedures RRPs (Runbooks) and audits.

• 8 years in DevSecOps Cloud Security Platform Security or equivalent.
• Proven ability securing AWS cloud ecosystems (IAM EKS EMR MWAA VPC WAF GuardDuty KMS Inspector Macie).
• Strong hands-on experience with Docker Kubernetes (EKS) CI/CD tools and Infrastructure-as-Code.
• Experience securing ML platforms data pipelines and MLOps systems (Airflow/MWAA Spark/EMR).
• Strong Linux security (CIS hardening auditing intrusion detection).
• Proficiency in Python Bash and automation/scripting.
• Excellent knowledge of SIEM observability threat detection monitoring systems.
• Understanding of microservices API security serverless security.
• Strong understanding of vulnerability management penetration testing practices and remediation plans.

Education-

• Masters degree in Cybersecurity Computer Science Information Technology or related field.
• Relevant certifications (AWS Security Specialty CISSP CEH CKA/CKS) are a plus.

• Competitive Salary Package
• Generous Leave Policy
• Flexible Working Hours
• Performance-Based Bonuses
• Health Care Benefits