Duties and Responsibilities:
- Embed security checks into CI/CD pipelines for code, containers, and infrastructure.
- Automate static (SAST), dynamic (DAST), and dependency (SCA) scanning tools.
- Define policies for secure development, secret management, and artifact validation.
- Work with DevOps teams to implement secure Infrastructure-as-Code practices.
- Enable real-time alerting and incident response from build to production.
- Champion “shift left” security culture by training teams and standardizing tools.
- Collaborate with compliance teams to meet regulatory and audit requirements.
Requirements and Qualifications:
- Bachelor’s in Computer Science, Security Engineering, or related field.
- Hands-on experience with CI/CD tools (e.g., Jenkins, GitHub Actions, GitLab CI).
- Familiarity with security tools like SonarQube, Snyk, Trivy, or Checkov.
- Proficient in scripting and automation (Python, Bash, YAML).
- Experience with IaC security (Terraform, Ansible, CloudFormation).
- Certifications such as DevSecOps Professional, OSCP, or CKS are a plus.