DevSecOps Engineer (Security & Penetration Testing)

Role Summary

We are seeking a highly skilled DevSecOps Engineer with strong hands-on experience in secure DevOps practices and penetration testing. The ideal candidate will be responsible for embedding security across the CI/CD pipeline, cloud infrastructure, and application lifecycle while conducting regular vulnerability assessments and penetration testing across our digital assets.

This role is critical in ensuring the confidentiality, integrity, and availability of our systems, particularly within a fintech and regulated environment.

Key Responsibilities

1. DevSecOps & Secure Engineering

• Integrate security controls into CI/CD pipelines.
• Implement and manage automated security testing (SAST, DAST, SCA, IaC scanning).
• Secure containerized workloads (Docker, Kubernetes).
• Harden cloud infrastructure (AWS, Azure, GCP, etc.).
• Implement Zero Trust security principles.
• Manage secrets, keys, and certificate lifecycle.
• Conduct code reviews with a focus on secure coding practices.
• Implement and maintain WAF, EDR, and cloud security tooling.

2. Penetration Testing & Vulnerability Management

• Conduct internal and external penetration testing (web, mobile, API, cloud).
• Perform red team simulations and adversarial testing.
• Execute vulnerability assessments using industry tools.
• Identify, exploit (where appropriate), and document security weaknesses.
• Provide remediation guidance to development and infrastructure teams.
• Conduct re-testing and validation of remediated vulnerabilities.
• Maintain a structured vulnerability management lifecycle.

3. Cloud & Infrastructure Security

• Secure multi-cloud environments.
• Implement infrastructure-as-code security controls.
• Monitor logs using SIEM tools and investigate security incidents.
• Ensure compliance alignment (PCI-DSS, ISO 27001, NDPA, etc.).

4. Governance & Reporting

• Develop security baselines and hardening standards.
• Prepare technical and executive-level security reports.
• Support regulatory and third-party audits.
• Develop and maintain security documentation and playbooks.

Required Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, or related field.
• 3 – 8 years of experience in DevOps, Security Engineering, or Penetration Testing.
• Strong understanding of secure SDLC.
• Strong knowledge of OWASP Top 10 and API security risks.
• Experience with Linux systems and scripting (Bash, Python).

Hands-on experience with:

• CI/CD tools (GitHub Actions, GitLab CI, Jenkins)
• Cloud platforms (AWS, Azure, or GCP)
• Containerization (Docker, Kubernetes)
• SAST/DAST tools
• Infrastructure as Code (Terraform, CloudFormation)

Preferred Certifications

• OSCP / OSWE
• CEH
• AWS Security Specialty
• CISSP (optional but advantageous)
• ISO 27001 Lead Implementer / Auditor (advantage)

Technical Skills

• Web and API penetration testing
• Network penetration testing
• Cloud security testing
• Secure coding principles
• Threat modeling
• Log analysis and incident response
• Automation scripting

Soft Skills

• Strong analytical and problem-solving ability
• Excellent report writing and documentation skills
• Ability to communicate technical risks to executive leadership
• Strong cross-functional collaboration skills
• Proactive and security-first mindset

Key Performance Indicators (KPIs)

• Reduction in critical/high vulnerabilities
• Secure pipeline integration coverage
• Time-to-remediation for identified vulnerabilities
• Compliance audit readiness
• Security automation maturity level

<