DevSecOps Engineer Pune (WFO)


Job Location: Pune - India

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

DevSecOps Consultant

Overview:

The DevSecOps Consultant will be responsible for integrating security into every stage of the Software Development Lifecycle (SDLC). This includes implementing security controls within CI/CD pipelines, enabling development teams with best practices, and automating secure coding compliance across all engineering initiatives.

Experience:

5 - 7 years

Roles:

  1. Coordinate with Platform and Engineering teams to ensure that critical vulnerabilities are mitigated within the appropriate subsystems or enterprise technology products.
  2. Work closely with the Engineering team on SSDLC, threat modelling, etc.
  3. Share a monthly metrics report on vulnerability trends and DevSecOps posture.

Responsibilities:

  1. CI/CD Security Integration: Analyze the automated process of the secure CI/CD pipeline and present the generated reports to management.
  2. Secure Development: Annually review secure coding standards such as Shift Left, Shift Right, etc. Perform threat modelling. Present the outcome of the threat modelling to the Project Manager, discuss mitigations, and document the outcome of these discussions.
  3. Infrastructure Security: Since our configurations are in the form of Infrastructure as Code (Terraform / Helm Charts), review hardening guidelines while reviewing these scripts.
  4. Awareness & Training: Deliver hands-on training sessions, workshops, and awareness programs to Engineering and Platform teams; the topics can include, but are not limited to, secure design principles, API security, cloud security, and DevSecOps practices. Help build a security-first culture across the Engineering team.
  5. Metrics & Governance: Monitor security posture through key metrics such as vulnerability fix rate, mean time to remediation (MTTR), CI/CD pipeline security coverage, and DevSecOps adoption levels across teams. Use these metrics to help leadership drive continuous improvement and to provide visibility on security maturity.

Preferred Skillset:

  1. CI/CD tools: BitBucket
  2. Security tools: Snyk, SonarQube
  3. Languages: Python, Bash, YAML, Java Spring Boot
  4. Cloud: GCP, AWS, Azure
  5. Compliance: OWASP Top 10, NIST, ISO 27001


Key Skills

  • ASP.NET
  • Health Education
  • Fashion Designing
  • Fiber
  • Investigation