Overview
We are seeking a highly skilled DevSecOps Engineer with expertise in integrating security practices into DevOps pipelines and cloud-native environments. You will be responsible for building secure, automated CI/CD processes, implementing security controls, and ensuring compliance across infrastructure and applications. The adecuado candidate has a strong background in DevOps, cloud platforms, and security engineering, with hands-on experience in securing large-scale, distributed systems.
Details
Location : Remote in EU
Employment Type : Full-Time, B2B Contract
Start Date : ASAP
Language Requirements : Fluent English
Key Responsibilities
Design and implement security automation in CI/CD pipelines for applications and infrastructure.
Integrate static (SAST), dynamic (DAST), and dependency (SCA) security scanning tools.
Collaborate with DevOps and engineering teams to ensure security best practices are embedded from design to deployment.
Manage secrets, IAM, and encryption policies across cloud environments (AWS, Azure, GCP).
Define and enforce compliance standards (ISO, SOC2, GDPR, HIPAA).
Build monitoring and alerting systems for threat detection and vulnerability management.
Implement container and Kubernetes security (runtime protection, image scanning, RBAC).
Support penetration testing and incident response processes.
Conduct security training and awareness for developers and operations teams.
Requirements
5+ years of experience in DevOps or Security Engineering, with at least 2+ years in DevSecOps.
Strong knowledge of CI/CD tools (Jenkins, GitLab CI/CD, GitHub Actions, Azure DevOps).
Hands-on expertise with security tools (SonarQube, Snyk, Checkmarx, Aqua, Prisma, Twistlock).
Solid understanding of cloud platforms (AWS, Azure, GCP) and their security services.
Experience with infrastructure-as-code (Terraform, CloudFormation, Ansible) and policy-as-code (OPA, Sentinel).
Knowledge of containerization and orchestration security (Docker, Kubernetes).
Familiarity with monitoring and logging tools (ELK, Prometheus, Grafana).
Strong scripting/programming skills (Python, Bash, Go).
Excellent problem-solving and communication skills.
Nice to Have
Security certifications (CISSP, CISM, OSCP, CCSP, AWS/Azure/GCP Security).
Experience with zero-trust architectures and microsegmentation.
Familiarity with service mesh security (Istio, Linkerd).
Knowledge of SIEM/SOAR platforms (Splunk, QRadar, Sentinel).
Background in regulated industries (finance, healthcare, telecom).
Contributions to security open-source projects or DevSecOps communities.
#J-*****-Ljbffr