Role: Sr. DevSecOps Engineer
Industry Type: Retail
Department: Engineering - Software & QA
Employment Type: Full Time, Permanent
Role Category: Software Development
UG: Any Graduate
PG: Any Postgraduate
Role : Sr. DevSecOps Engineer We are seeking a highly skilled Senior DevSecOps Engineer with 4 to 7 years of experience to join our Digital Enterprise team. In this role, you will be the driving force behind "shifting security left" across our entire software development lifecycle (SDLC). You will bridge the gap between development, operations, and security teams by designing, building, and maintaining secure, automated, and observable cloud-native pipelines. The ideal candidate has deep technical execution skills in infrastructure-as-code (IaC), continuous integration/continuous deployment (CI/CD), and advanced vulnerability management. Core Responsibilities Pipeline Security Automation: Integrate and automate security gates into CI/CD pipelines (e.g., SAST, DAST, SCA, and secrets scanning) without slowing down standard delivery cadences. Infrastructure as Code (IaC): Design, implement, and maintain highly secure cloud environments using code orchestration tools. Container & Orchestration Security: Harden, deploy, and troubleshoot containerized architectures and microservices while implementing admission control policies. Secrets Management: Architect and manage enterprise secrets, cryptographic keys, and credential rotation workflows. Policy & Compliance Automation: Implement Policy-as-Code to dynamically block insecure cluster deployments and gather compliance evidence for regulatory audits. Threat Modeling & Governance: Lead proactive threat-modeling reviews during early system architecture designs to identify systemic risks. Collaboration & Culture: Coach development teams on secure coding standards, triage vulnerabilities, and conduct joint incident responses. Technical Skills Matrix Category Required Technologies & Skills Cloud Platforms AWS, Azure, or GCP (Advanced identity management and network isolation) CI/CD Tools GitHub Actions, GitLab CI, Jenkins, or Azure DevOps Infrastructure as Code Terraform, OpenTofu, Ansible, or CloudFormation Containers & Orchestration Docker, Kubernetes, Helm, and GitOps engines (Argo CD or Flux) Security Tooling Snyk, Semgrep, Trivy, Checkov, Veracode, SonarCloud, or Gitleaks Secrets & Identity HashiCorp Vault, Cloud KMS, OAuth2, JWT, and CyberArk Scripting & Automation Python, Bash, Go, or PowerShell Observability Prometheus, Grafana, Loki, or OpenTelemetry protocols Experience & Qualifications Overall Experience: Minimum 4 to 7 years of dedicated experience in DevOps, DevSecOps, or Platform/Cloud Security engineering. Production Scale: Proven history of owning and securing production cloud pipeline end-to-end at enterprise scale. Framework Familiarity: Strong understanding of security compliance standards like SOC 2, ISO 27001, NIST, or OWASP top 10. Problem Solving: Excellent debugging capability across complex Unix/Linux networking layers and distributed systems. Preferred (Nice-to-Have) Qualifications Relevant certifications: AWS Certified Security Specialty, Certified Kubernetes Security Specialist (CKS), or CISSP. Exposure to automated incident triage workflows or AIOps/MLOps validation pipelines. Soft Skills Clear Communicator: Ability to explain deep technical vulnerabilities and operations issues to business stakeholders and developers alike. Mentorship Mindset: Passionate about running secure-code workshops and upskilling junior engineers on security policies. Cross-Functional Partner: Adept at finding consensus between the friction of "strict security controls" and the speed of "developer productivity".
Disclaimer
This job posting has been aggregated from external source. Role details, content, and availability are subject to change. Applicants are advised to confirm the latest information directly on the company website before applying.