**What you will do** - **Security Integration**: Embed security practices into CI/CD pipelines using tools like **Bamboo, Jenkins, GitLab CI/CD, or Azure DevOps**; Ensure secure coding practices by integrating **SAST, DAST**, and dependency scanning tools (e.g., Veracode, Checkmarx, OWASP ZAP); - **Automation of Security Controls**: Automate vulnerability scans, configuration checks, and compliance validation using tools like **Ansible, Terraform, or CloudFormation**; Develop automated workflows for threat detection and remediation using tools like **AWS Lambda** or **Azure Functions**; - **Compliance & Governance**: Align DevSecOps processes with PCI DSS, HIPAA, ISO 27001, and GDPR standards; Ensure proper documentation of security policies, audit findings, and compliance reports; Conduct regular risk assessments and gap analyses to identify areas for improvement; - **Monitoring & Incident Management**: Implement security monitoring solutions (e.g., AWS CloudWatch, Azure Sentinel, Splunk) to detect and respond to security threats; Establish incident response workflows and playbooks to ensure quick mitigation of breaches and vulnerabilities; - **Observability**: Implement methodology to better understand the internal state of software systems/interactions; Create solutions to evolve data capture/analysis through various characterization: high cardinality and high dimensionality; Develop methods to explore data in real time; **Must haves** - **Education & Experience**: Bachelor’s degree with **6-8 years** in DevSecOps, security engineering, or related roles; - **Technical Skills**: Proficiency in CI/CD tools, cloud security (AWS/Azure), scripting (Python, Bash), and security automation; - Certifications: Preferred certifications include **CISSP, CCSP, OSCP**, or DevSecOps-specific credentials (e.g., **DevSecOps Practitioner**); - Upper-intermediate English level.