qode.world

DevSecOps Engineer

qode.world

full-time

Posted on:

Location Type: Hybrid

Location: South CarolinaSouth CarolinaUnited States

Visit company website

Explore more

AI Apply
Apply

Tech Stack

AWSAzureCloudDockerGoGoogle Cloud PlatformJenkinsKubernetesLinuxPythonTerraformVault

About the role

  • Integrate security practices into CI/CD pipelines (shift-left security)
  • Design, implement, and maintain secure cloud infrastructure (AWS, Azure, GCP)
  • Automate security testing (SAST, DAST, SCA, IaC scanning, container scanning)
  • Manage secrets, keys, and certificates securely (Vault, KMS, Secrets Manager)
  • Implement and monitor security controls for containers and Kubernetes
  • Perform threat modeling, risk assessments, and security architecture reviews
  • Respond to and investigate security incidents and vulnerabilities
  • Ensure compliance with standards (ISO 27001, SOC 2, PCI-DSS, HIPAA, etc.)
  • Collaborate with developers to improve secure coding practices
  • Maintain logging, monitoring, and alerting for security events

Requirements

  • Strong experience with CI/CD tools (GitHub Actions, GitLab CI, Jenkins, Azure DevOps)
  • Proficiency in cloud platforms (AWS, Azure, or GCP)
  • Infrastructure as Code (Terraform, CloudFormation, ARM)
  • Containerization and orchestration (Docker, Kubernetes)
  • Security tools: SAST/DAST, dependency scanning, container security tools
  • Scripting/programming (Python, Bash, Go, or similar)
  • Solid understanding of networking, IAM, and security fundamentals
  • Experience with Linux systems
  • Experience with Zero Trust architecture (preferred)
  • Knowledge of OWASP Top 10 and secure coding standards (preferred)
  • Familiarity with SIEM/SOAR tools (preferred)
  • Security certifications (e.g., CISSP, CISM, CCSP, AWS Security Specialty) (preferred)
  • Experience in regulated environments (preferred)
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
CI/CDcloud infrastructuresecurity testingthreat modelingrisk assessmentssecure coding practicesscriptingnetworkingZero Trust architectureLinux systems
Certifications
CISSPCISMCCSPAWS Security Specialty