Synergy Technologies
Website:
synergytechs.net
Job details:
Hi,
Synergy Technologies is a leader in technology services and consulting. We enable clients across the world to create and execute strategies .We help our clients find the right problems to solve, and to solve these effectively. We bring our expertise and innovation to every project we undertake
Position: DevSecOps Engineer
Location : Hyderabad Gachibowli, India (On-site / Hybrid)
Experience : 3+ Years
Work Mode: Hybrid
Notice Period
Immediate to 7 Days Preferred to Start.................
Employment Type
Full-Time, Permanent
Cloud Platforms
AWS (Required) · Azure (Required) · GCP (Added Advantage)
DevSecOps Engineer
About the Role
We are looking for a skilled and proactive DevSecOps Engineer to join our growing engineering team at our Hyderabad office. In this role, you will bridge the gap between development, security, and operations — embedding security practices throughout our CI/CD pipelines and cloud infrastructure. You will work closely with software engineers, cloud architects, and security teams to build and maintain secure, scalable, and reliable systems across AWS and Azure environments.
Key Responsibilities
Security Integration & DevSecOps
- Integrate security controls into CI/CD pipelines (SAST, DAST, SCA, secret scanning) to enable shift-left security.
- Implement and manage security automation tools such as Snyk, Checkmarx, SonarQube, OWASP ZAP, or equivalents.
- Conduct threat modelling, vulnerability assessments, and code reviews to identify and mitigate risks early.
- Establish and enforce secure coding standards and guidelines across engineering teams.
Cloud Infrastructure & Security (AWS & Azure)
- Design, deploy, and maintain secure cloud infrastructure on AWS and Azure using Infrastructure-as-Code (Terraform, CloudFormation, ARM templates).
- Configure and manage cloud-native security services: AWS Security Hub, GuardDuty, IAM, WAF, Azure Defender, Azure Sentinel, and more.
- Enforce least-privilege access controls, identity management, and secrets management (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault).
- Conduct cloud security posture assessments and remediate misconfigurations proactively.
CI/CD Pipeline & Automation
- Build and maintain robust CI/CD pipelines using Jenkins, GitHub Actions, GitLab CI, Azure DevOps, or AWS CodePipeline.
- Automate infrastructure provisioning, configuration management, and compliance checks.
- Develop and maintain Helm charts, Kubernetes manifests, and container security policies.
- Implement automated compliance scanning against CIS Benchmarks, NIST, SOC2, and PCI-DSS frameworks.
Monitoring, Incident Response & Compliance
- Set up and manage SIEM tools, centralized logging (ELK Stack, Splunk, AWS CloudWatch, Azure Monitor), and alerting.
- Lead incident response efforts for security events, conduct root-cause analyses, and implement corrective actions.
- Collaborate with compliance teams to ensure adherence to industry standards and regulatory requirements.
- Maintain up-to-date documentation for security processes, runbooks, and architecture diagrams.
Required Qualifications & Skills
Experience
- 3+ years of hands-on experience in a DevSecOps, Cloud Security, or Site Reliability Engineering (SRE) role.
- Proven experience working with AWS and Azure cloud platforms in production environments.
- Strong background in containerization and orchestration: Docker, Kubernetes (EKS, AKS).
Technical Skills
- Cloud: AWS (EC2, S3, IAM, VPC, Lambda, EKS, RDS, CloudTrail, Security Hub) and Azure (AKS, AD, Defender, Sentinel, Key Vault).
- IaC: Terraform, CloudFormation, ARM Templates, Ansible, or equivalent.
- CI/CD: Jenkins, GitHub Actions, GitLab CI, Azure DevOps, or AWS CodePipeline.
- Security Tools: Snyk, Checkmarx, SonarQube, Aqua Security, Trivy, OWASP ZAP, Nessus, or equivalents.
- Scripting: Proficiency in Python, Bash, or Go for automation and tooling.
- Monitoring: ELK Stack, Prometheus, Grafana, Splunk, Datadog, or similar.
- Version Control: Git (GitHub / GitLab / Bitbucket) — branching strategies, PR reviews.
Security Knowledge
- Strong understanding of OWASP Top 10, CVE management, and vulnerability lifecycle.
- Familiarity with compliance frameworks: ISO 27001, SOC 2, PCI-DSS, NIST CSF, CIS Benchmarks.
- Experience with network security, zero-trust architecture, and micro-segmentation.
Good to Have (Added Advantage)
- Google Cloud Platform (GCP) experience — GKE, Cloud Armor, Security Command Center, Cloud IAM.
- Certifications: AWS Security Specialty, Azure Security Engineer (AZ-500), CKS, CISSP, CEH, or equivalent.
- Experience with service mesh technologies (Istio, Linkerd) and API security.
- Familiarity with FinOps practices and cloud cost optimisation.
- Knowledge of chaos engineering principles (Chaos Monkey, Litmus).
Click on Apply to know more.