Senior DevSecOps Engineer (Hybrid)
Indexed description
The Senior / Lead DevSecOps Engineer is a hands-on technical leader responsible for embedding a security-first mindset throughout the software development lifecycle. This role blends deep expertise in security, development, and operations to drive adoption of DevSecOps practices across engineering teams.
The successful candidate will design, implement, and automate security controls that protect critical applications and infrastructure while ensuring development agility. Experience working in regulated industries, particularly banking or financial services, is a strong advantage.
Key Responsibilities
- DevSecOps Strategy and Implementation
Infrastructure as Code (IaC) Security: Define and enforce security standards in IaC using tools like Terraform or CloudFormation. Implement automated scanning and compliance validation.
Secrets Management: Deploy and manage secure systems for secrets, keys, and credentials (e.g., HashiCorp Vault, AWS/Azure Secrets Manager).
Security Automation: Automate security-related processes such as configuration management, vulnerability scanning, patching, and compliance verification.
- Security Governance and Compliance
Threat Modeling and Risk Assessment: Lead proactive threat modeling early in the SDLC to identify and mitigate potential vulnerabilities.
Continuous Monitoring: Implement and maintain continuous monitoring, logging, and alerting using SIEM and related tools to detect and respond to threats in real time.
- Collaboration, Mentorship, and Incident Support
Mentorship: Coach and train engineers on secure coding practices, DevSecOps principles, and integrated security tooling.
Incident Response: Support the SOC during security incidents, providing deep technical expertise for containment, root cause analysis, and automated remediation.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search