Job Summary:
The DevSecOps Engineer integrates security practices into the DevOps process, ensuring that software development, deployment, and operations are secure from end to end.
Experience: 6-10 yrs
Required Skills:
Programming & Scripting
• Python, Bash, Go, Ruby, JavaScript
• Regular expressions for parsing and automation
Security Fundamentals
• Cryptography (TLS, SSL, encryption standards)
• Authentication & Authorization (OAuth2, SAML, JWT)
• Secure coding practices and OWASP Top 10
Cloud Security
• Identity and Access Management (IAM)
• Cloud-native security tools (e.g., AWS GuardDuty, Azure Security Center)
• Cloud workload protection platforms (CWPP)
Container & Orchestration Security
• Docker security best practices
• Kubernetes RBAC, Network Policies, Pod Security Standards
• Container scanning tools (e.g., Anchore, Sysdig)
Networking & Firewalls
• VPNs, proxies, load balancers
• Network segmentation and zero-trust architecture
Compliance & Auditing
• SOC 2, PCI-DSS, HIPAA, GDPR
• Audit logging and forensic analysis
Tools & Platforms
Security Testing
• Static Analysis: SonarQube, Semgrep, Fortify
• Dynamic Analysis: OWASP ZAP, Burp Suite
• Dependency Scanning: Snyk, WhiteSource, Mend.io
• Secrets Detection: GitLeaks, TruffleHog
CI/CD & Automation
• Jenkins, GitHub Actions, GitLab CI, CircleCI
• ArgoCD, Spinnaker
Cloud Platforms
• AWS, Azure, Google Cloud Platform (GCP)
• HashiCorp Vault (for secrets management)
• Terraform, Pulumi (Infrastructure as Code tools)
Monitoring & Logging
• Prometheus, Grafana
• ELK Stack (Elasticsearch, Logstash, Kibana)
• Splunk, Datadog
Vulnerability Management
• Qualys, Nessus, OpenVAS
• Prisma Cloud, Aqua Security
Identity & Access Management
• Okta, Auth0, AWS IAM
• Keycloak
Responsibilities:
1. Security Integration in CI/CD Pipelines
• Embed security checks (e.g., SAST, DAST, SCA) into continuous integration and deployment workflows.
• Automate vulnerability scanning and remediation.
2. Infrastructure as Code (IaC) Security
• Secure IaC templates (e.g., Terraform, CloudFormation).
• Implement policies to prevent misconfigurations and enforce compliance.
3. Monitoring & Incident Response
• Set up security monitoring tools (e.g., SIEM, IDS/IPS).
• Respond to security incidents and perform root cause analysis.
4. Threat Modeling & Risk Assessment
• Conduct threat modeling during design and development phases.
• Assess risks and recommend mitigation strategies.
5. Tooling & Automation
• Select and integrate security tools (e.g., SonarQube, Aqua Security, HashiCorp Vault).
• Automate security tasks to reduce manual effort and human error.
6. Compliance & Governance
• Ensure adherence to standards like ISO 27001, NIST, GDPR, HIPAA.
• Maintain audit trails and documentation for compliance.
7. Collaboration & Training
• Work closely with developers, operations, and security teams.
• Educate teams on secure coding practices and DevSecOps principles.
Diverse Lynx LLC is an Equal Employment Opportunity employer. All qualified applicants will receive due consideration for employment without any discrimination. All applicants will be evaluated solely on the basis of their ability, competence and their proven capability to perform the functions outlined in the corresponding role. We promote and support a diverse workforce across all levels in the company.