DevSecOps Engineer (Remote)

Eligibility Criteria

• Bachelor's Degree in Computer Science or equivalent.
• Must: 5+ years of applied cloud security knowledge of AWS.
• 5+ years Experience of reviewing production code and fixes for multiple codebases in Node.js
• 2+ years of experience investigating the impact of cloud security engineering issues and incidents
• Fluent in English

Responsibilities:

• Design, implement and maintain secure cloud architecture solutions on AWS, including API security,  ensuring compliance with industry best practices, while taking under consideration business needs and constraints.
• Collaborate with development and operations teams to integrate security practices into the software development lifecycle (SDLC), including continuous integration/ continuous deployment (CI/CD) pipelines.
• Conduct security assessments and vulnerability scans on cloud infrastructure and applications.
• Develop and implement security policies, standards, and procedures, ensuring proper access controls, encryption, and data protection.
• Monitor and analyse logs and alerts to detect and respond to security incidents, implementing incident response plans.
• Automate security processes and tasks using scripting languages, AWS CloudFormation, and infrastructure-as-code (IaC) tools.
• Stay up-to-date with the latest security features, tools, and industry trends, providing recommendations for enhancing security posture.
• Collaborate with cross-functional teams to define and implement security requirements for new projects and initiatives.
• Provide guidance and support to development teams in implementing secure coding practices and conducting security testing.
• Knowledge of conducting security checks (application vulnerability analysis and security component analysis).
• Lead projects and ongoing support of security operations.

What you bring:

• Solid experience in designing, implementing, and securing cloud environments, including services such as EC2, S3, RDS, IAM, VPC, and CloudTrail.
• Strong understanding of DevOps methodologies and experience with CI/CD pipelines and tools (e.g., Jenkins, GitHub, SonarQube).
• In-depth knowledge of cloud security best practices, industry standards, and compliance frameworks (e.g., NIST, CIS, ISO 27001).
• Proficiency in scripting languages such as Python, Bash, Groovy.
• Experience with Infrastructure-as-Code (IaC) tools like AWS CloudFormation or Terraform.
• Familiarity with security scanning and monitoring tools, such as AWS Security Hub, GuardDuty, Inspector, or third-party solutions.
• Strong understanding of network security concepts, including firewalls, VPNs, and secure network architectures.
• Knowledge of secure coding practices and experience with application security testing tools (e.g., SAST, DAST, fuzzing, and secure coding patterns).
• Excellent problem-solving skills and ability to work collaboratively in a team-oriented environment.
• Participate in incident handling and other related duties to support the information security function.
• The ability to learn and apply new concepts quickly.
• Strong written and oral communication skills

Additional certifications preferred:

• Relevant certifications such as AWS Certified Security – Specialty, Certified DevOps Engineer, or other security-related certifications are a plus.
• Certified Ethical Hacker, Certified Secure Software Lifecycle Professional.
• Certified Information Security Professional (CISSP)