DevSecOps Engineer / Application Security Specialist
Overview:
We are seeking a proactive DevSecOps Engineer / Application Security Specialist to join our team. In this role, you will ensure the security of applications throughout the Software Development Life Cycle (SDLC). You will work closely with development teams to implement secure coding practices, conduct security assessments, and remediate vulnerabilities. Your focus will be on integrating security into development processes and collaborating with cross-functional teams to make security a core part of the workflow.
Responsibilities:
Collaborate with development teams to perform threat modeling and prioritize potential risks in applications.
Provide training and guidance to developers on secure coding practices and the effective use of security tools.
Assist in investigating and remediating security incidents related to application vulnerabilities.
Contribute to the development and maintenance of application security policies, standards, and procedures.
Evaluate, implement, and manage CI/CD security tools (e.g., Jenkins, Azure DevOps) and security testing tools (e.g., Checkmarx, Qualys, JFrog Xray, Twistlock).
Work closely with cross-functional teams to integrate security into the CI/CD pipeline and development processes.
Apply container security best practices for Kubernetes, OpenShift, and related environments, monitoring for suspicious behavior and implementing runtime protection.
Maintain up-to-date documentation of security assessments, findings, and remediation activities.
Apply OWASP methodologies to secure web applications, APIs, mobile environments, CI/CD processes, and large language models (LLMs).
Required Skills & Expertise:
Expertise in SAST, SCA, DAST, penetration testing, and vulnerability assessments.
Strong understanding of secure coding practices, with experience training developers.
Knowledge of threat modeling, security architecture reviews, and vulnerability assessments.
Experience investigating and remediating security incidents.
Hands-on experience with CI/CD security tools (Jenkins, Azure DevOps) and security testing tools (Checkmarx, Qualys, JFrog Xray, Twistlock).
Familiarity with cloud architectures (AWS, Azure).
Experience securing container environments (Kubernetes, OpenShift) including images, registries, networks, and runtimes.
Deep understanding of OWASP Top 10, PCI DSS, ISO 27001, NIST, and other relevant security standards.
Qualifications:
Minimum 5 years of hands-on experience in IT security roles, preferably in the financial services or enterprise environment.
Experience with programming languages and secure coding practices.
Familiarity with CI/CD practices, automation tools, and container security technologies.
Engineer • New York, NY, US