SecOps Engineer

Job Title: Security Ops Engineer or SecOps Engineer
Location: Chennai In-Office at Client Location

About the Role:

As a DevSecOps Engineer, you will play a critical role in ensuring the security of our organization's applications and infrastructure. You will collaborate closely with development, operations, and security teams to integrate security best practices and tools into the software development life cycle (SDLC). Your expertise in security engineering, automation, and DevOps will be instrumental in protecting our organization from emerging threats.

Responsibilities:

• Shift-Left Security: Implement a "shift-left" approach to security, integrating security practices early in the development process.
• IaC Security: Scan and update Infrastructure as Code (IaC) code using industry best practices and benchmarks.
• Security Automation: Design, implement, and maintain security automation and monitoring tools to identify and remediate vulnerabilities.
• Security Assessments: Perform regular security assessments, penetration testing, and vulnerability scanning to proactively identify and address security risks.
• Security Policies: Develop and maintain security policies, guidelines, and procedures to ensure consistent and secure development practices.
• Incident Response: Assist in incident response and remediation efforts, providing expertise in security incident management and root cause analysis.
• Compliance: Ensure compliance with industry regulations and standards, such as GDPR, HIPAA, PCI DSS, or other relevant frameworks.
• Training: Educate and train development and operations teams on secure coding practices, security tooling, and the latest security trends and threats.
• Technology Evaluation: Continuously evaluate and recommend new security technologies and best practices to improve the organization's overall security posture.

Requirements:

• Bachelor's degree in computer science, information security, or a related field, or equivalent experience.
• Strong understanding of secure software development practices, such as OWASP Top Ten, secure coding principles, and threat modeling.
• Familiarity with security technologies and tools, including vulnerability scanners, intrusion detection systems, firewalls, and encryption technologies.
• Proficiency in Infrastructure as Code (IaC) tools, such as Terraform.
• Proficiency in one or more programming or scripting languages (e.g., Python, Ruby, JavaScript, Go).
• Experience with CI/CD pipelines, automation tools, and containerization technologies (e.g., Jenkins, GitHub Actions, GitLab CI/CD, Docker, Kubernetes).
• Knowledge of cloud platforms (e.g., AWS, Azure) and their respective security services, best practices, and compliance requirements.
• Strong analytical, problem-solving, and communication skills.
• Relevant industry certifications, such as CISSP, CEH, or CompTIA Security+, are a plus.

Key Skills:

• DevSecOps
• Security Engineering
• Automation
• Vulnerability Assessment
• Penetration Testing
• Compliance
• Incident Response
• Cloud Security
• IaC (Infrastructure as Code)