Description
The DevSecOps engineer plays a crucial role in ensuring that every step of the software development lifecycle (SDLC) follows security best practices. This involves automating security processes, embedding security testing, and fostering a culture of shared responsibility between development, operations, and security teams.
Key responsibilities include:
- Implementing secure coding practices and using tools to identify vulnerabilities early
- Reviewing cloud infrastructure for security and ensuring compliance with security standards
- Integrating, monitoring, and improving DevSecOps tools and processes
- Performing continuous vulnerability assessments, risk mitigation, and risk management
- Designing and implementing Zero Trust security models, platform-based controls, and automated guardrails
Additionally, the DevSecOps engineer will support and consult with product and development teams to address application security risks throughout the lifecycle, provide security training and outreach to internal teams and customers, and monitor KPIs and customer experience to refine security processes and adherence.
This role requires strong development or scripting experience, specifically in Java, to automate routine tasks and improve system reliability. The ideal candidate will have a deep familiarity with common security flaws and the use of security libraries and static analysis tools (SAST).
A bachelor's degree in a relevant field, or an equivalent combination of education, training, and experience, is required. A minimum of 3 years of professional experience is also necessary. Certification in DevSecOps, Kubernetes, or HashiCorp is desirable but not essential.