DevSecOps Engineer
Job Description
About the role
As a DevSecOps Engineer, you will be responsible for embedding security into every stage of the software delivery lifecycle while enabling reliable, scalable, and automated cloud platforms. You will work closely with development, security, and operations teams to design, build, and maintain secure CI/CD pipelines, cloud infrastructure, and Kubernetes platforms. This role plays a key part in ensuring security, compliance, and operational excellence across modern cloud-native environments.
Core responsibilities
Design, implement, and maintain secure, scalable CI/CD pipelines using GitHub Actions and GitOps practices.
Build and manage cloud infrastructure on Azure (preferred) and/or AWS/GCP using Infrastructure as Code (Terraform, Terragrunt).
Deploy, manage, and secure Kubernetes clusters (AKS/EKS/GKE) using Helm charts and best practices.
Embed DevSecOps practices across the SDLC, including SAST, DAST, SCA, and container security scanning.
Implement and enforce policy-as-code using tools such as OPA and Azure Policy.
Manage secrets securely using Vault, Azure Key Vault, or equivalent solutions.
Collaborate with development teams to enable secure application builds, containerization, and deployments using Docker.
Design and maintain cloud networking components including VNets/VPCs, DNS, load balancers, and private endpoints.
Monitor production environments using logging and observability tools such as Prometheus, Grafana, and Azure Monitor.
Support incident response, alerting, performance tuning, and reliability improvements across platforms.
Provide L2/L3 operational support for cloud and platform services when required.
Contribute to platform engineering initiatives such as Internal Developer Platforms (IDP), self-service infrastructure, and golden paths.
Ensure compliance with security standards, governance guardrails, and secure SDLC practices.
Work closely with engineering, architecture, and security teams to improve system resilience, scalability, and security posture.
Document architectures, processes, and operational runbooks with high accuracy and clarity.
Stay up to date with emerging DevSecOps, cloud, and security technologies and share best practices with the team.
About you
5+ years of industry experience in DevOps, DevSecOps, or Platform Engineering roles.
Proven hands-on experience with cloud platforms, preferably Azure, with exposure to AWS or GCP.
Strong expertise in Infrastructure as Code using Terraform and Terragrunt.
Deep understanding of Kubernetes and container orchestration in production environments.
Solid experience with Docker, container registries, and artifact management solutions.
Strong knowledge of CI/CD pipeline design, optimization, and automation.
Experience implementing DevSecOps practices including secure SDLC and shift-left security.
Hands-on experience with security tools for SAST, DAST, SCA, and container security.
Strong understanding of IAM concepts, RBAC, and identity management.
Proficiency in Bash/Shell scripting and Python for automation.
Experience working in UNIX/Linux environments.
Strong troubleshooting skills across infrastructure, pipelines, and cloud platforms.
Excellent communication skills with the ability to work across engineering, security, and operations teams.
High attention to detail with the ability to produce accurate and consistent documentation.
Ability to work independently and effectively in a fast-paced, dynamic environment.
A strong security-first mindset and commitment to company values and culture.
Nice to have
Experience with Internal Developer Platforms (IDP) and platform APIs.
Exposure to self-service infrastructure models and developer enablement.
Knowledge of FinOps principles and cloud cost optimization.
Experience with Agile / Scrum methodologies.
Familiarity with Jira, Confluence, or similar project tracking and documentation tools.
Experience with multi-cloud environments and hybrid architectures.
Knowledge of service templates, golden paths, and governance automation.