Job Description
Secure SDLC & Application Security • Embed security controls at every stage of the SDLC. Conduct threat modeling, secure code reviews, and risk assessments. Implement SAST, DAST, SCA tools and interpret results for development teams. Enforce secure coding standards and promote security-first development culture. CI/CD Pipeline Security Build and maintain secure CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, Azure DevOps). Automate security scanning and policy enforcement in build and deployment workflows. Integrate secrets management and environment hardening into pipelines. Cloud & Infrastructure Security Implement Infrastructure as Code (IaC) security reviews using Terraform, CloudFormation, ARM, or Pulumi. Validate and enforce cloud security best practices (AWS, Azure, GCP). Deploy and maintain cloud-native security tools such as AWS GuardDuty, Azure Defender, GCP SCC. Container & Kubernetes Security Build secure container images and manage scanning (Trivy, Aqua, Clair, Prisma Cloud). Enforce Kubernetes hardening controls (RBAC, network policies, pod security). Monitor cluster security posture and remediate vulnerabilities. 5. Security Automation & Tooling Develop automated playbooks/scripts using Python, Bash, or PowerShell. Integrate SIEM/SOAR platforms with build/deployment workflows. Automate vulnerability management workflows and remediation processes. Compliance & Governance Support adherence to NIST, ISO 27001, SOC 2, PCI-DSS, and internal security policies. Implement guardrails and policy-as-code using OPA, Conftest, or AWS/Azure policy engines. Produce audit-ready documentation and reporting.