Location: Remote
Job Type: Full-time

About the Role:

We are seeking a DevSecOps Engineer to bridge the gap between web development, operations, and security. You will be responsible for developing secure web applications, managing CI/CD pipelines, and implementing robust cloud and network security practices across our infrastructure.

Key Responsibilities:

• Design, develop, and deploy secure, scalable web applications using modern frameworks (e.g., React, Node.js, Django).

• Build and maintain CI/CD pipelines (GitHub Actions, Jenkins, or GitLab CI).

• Integrate automated security testing into the development pipeline (SAST, DAST, SCA).

• Monitor cloud infrastructure (AWS/GCP/Azure) and implement security best practices (IAM, VPCs, security groups, etc.).

• Conduct regular threat modeling, vulnerability assessments, and penetration testing.

• Automate infrastructure using Infrastructure as Code (Terraform, Ansible).

• Collaborate with development and IT teams to ensure DevOps and security alignment.

• Respond to and investigate incidents involving infrastructure or application compromise.

Required Skills & Experience:

• 3+ years of experience in DevOps or Site Reliability Engineering.

• 2+ years of hands-on web development experience.

• Solid knowledge of network security principles (e.g., firewalls, IDS/IPS, TLS, VPN).

• Experience with Docker and Kubernetes in production environments.

• Familiarity with OWASP Top 10 and secure coding practices.

• Scripting skills in Bash, Python, or similar languages.

• Experience with logging/monitoring tools (ELK stack, Prometheus, Grafana).

• Understanding of authentication protocols (OAuth2, SAML, etc.).

Preferred Qualifications:

• Certifications: OSCP, CEH, or AWS Security Specialty.

• Experience with zero trust security architecture.

• Contributions to open-source DevSecOps or security tools.