Senior DevOps/DevSecOps Engineer
Hitya Global
- Location
- Bengaluru, Karnataka, India
- Job type
- Full-time
Required skills
- Python
- penetration testing
- SIEM
- PCI-DSS
- AWS
- automation tools
- Bash
- CI
- CloudFormation
- compliance
- containerization
- cross-functional
- DevOps
- Docker
- forecasting
- GitHub
- Jenkins
- Kubernetes
- Terraform
- Vault
About the role
Hitya Global
Website:
hityaglobal.in
Job details:
Responsibilities
- Integrate Security : Embed security testing, reviews, and best practices into all phases of the development lifecycle
- Automate Security Processes : Design, implement, and maintain security automation tools (e.g., SAST, DAST, SCA, secrets scanning) within the CI/CD pipelines to detect vulnerabilities early and efficiently.
- Conduct Assessments and Testing : Perform regular vulnerability assessments, threat modeling, and penetration testing on applications and infrastructure to identify and mitigate risks.
- Manage Infrastructure as Code (IaC) Security : Ensure secure configuration and management of cloud and on-premise infrastructure using IaC tools like Terraform, or CloudFormation.
- Monitor and Respond to Incidents : Set up and manage security monitoring and observability solutions (e.g., SIEM, ELK stack, Grafana) to detect and respond to security incidents in real-time.
- Ensure Compliance : Work with compliance teams to implement and enforce security policies and regulatory standards (e.g., GDPR, HIPAA, PCI-DSS, SOC 2).
- Collaborate and Educate : Foster a security-aware culture by collaborating with cross-functional teams and providing guidance and training on secure coding practices and emerging threats.
Required
- Experience : Proven experience in a DevSecOps, DevOps, or a related cybersecurity role (typically 4+ years, more for senior positions).
Technical Proficiency
- CI/CD Tools : Jenkins, GitLab CI, GitHub Actions.
- Cloud Platforms : Deep understanding of security on AWS.
- Scripting/Programming : Proficiency in languages like Python, Bash, Shell, or Go for automation and custom tool development.
- IaC and Containerization : Experience with Docker, Kubernetes, and Terraform.
- Security Tools : Familiarity with vulnerability scanning, static/dynamic analysis, and secrets management tools (e.g., SonarQube, Snyk, HashiCorp Vault, OWASP ZAP).
- Experience with AI/ML-based security tools for threat detection and risk forecasting.
HARD REQUIREMENTS (All Mandatory)
Core Experience :
- Security in Production : Has actually fixed security vulnerabilities in live systems handling real user data at scale
- AWS Security : Hands-on with IAM, Security Groups, KMS, Secrets Manager (not just theoretical)
- CI/CD Security : Integrated security scanning in pipelines (not just built pipelines)
- Compliance : Worked on ISO 27001, SOC 2, or PCI-DSS implementation (not just awareness)
Key Points
- MUST have experience in handling 5k+ concurrent requests
- MUST have prepared company for ISO/SOC 2 successfully
- MUST have async/real-time experience
(ref:hirist.tech)
Click on Apply to know more.
This page is fully interactive when JavaScript is enabled. Please enable JavaScript to apply or browse related roles.