DevSecops Engineer

Project, Role and Task Descriptions: • Design, implement, and maintain secure CI/CD pipelines for application build, test, and deployment. • Integrate security scanning, compliance checks, and vulnerability management into development and deployment workflows. • Automate infrastructure provisioning, configuration, and application deployment using modern DevSecOps tools. • Collaborate with development, QA, security, and operations teams to ensure security is embedded throughout the SDLC. • Support and enhance containerization, orchestration, and cloud environments with a strong focus on security best practices. Candidate Must\-Have Skills, Requirements and Nice\-to \-Have Skills: o CI/CD, Version Control \& Security Integration: Experience building enterprise\-grade CI/CD pipelines. GitHub (branching, PR workflows, GitHub Actions), GitHub Actions (secure workflows, secrets management, runner configuration), Jenkins (scripted/declarative pipelines, shared libraries), SonarQube (code quality, SAST), Fortify (static code analysis, security scanning). Experience setting up artifact repositories (Nexus, JFrog, ECR) o Configuration Management \& Automation: Ansible (roles, playbooks, secure inventory handling). Puppet (manifests, modules, environment management). Strong understanding of Infrastructure as Code (IaC) concepts and tooling (Terraform or CloudFrormation). o Scripting \& Development : Bash, Python, Groovy (both for Jenkins and development). Ability to write automation scripts. o Cloud : EC2, S3, IAM (roles, policies, least privilege), VPC networking basics, AWS CloudWatch, SSM, ECS/EKS • o Nice to have : Docker, Openshift, Helm