DevSecOps Engineer at Qhala

Responsibilities

• Incorporate security controls and best practices into the CI/CD pipelines, ensuring security is automated across build, deployment, and operation stages.
• Identify potential security risks early in the SDLC and collaborate with development and operations teams to mitigate them.
• Automate security tasks such as vulnerability scanning, code analysis, and policy compliance throughout the development lifecycle.
• Infrastructure Security: Secure cloud and on-premise infrastructure, focusing on server hardening, network security, and data encryption.
• Develop and maintain security monitoring, logging, and alerting mechanisms to quickly detect and respond to potential threats.
• Conduct regular vulnerability assessments and penetration tests, working with teams to ensure timely resolution of issues.
• Ensure adherence to relevant security frameworks and regulatory requirements (e.g., ISO 27001, GDPR, SOC 2) through automated compliance checks.

Requirements

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent work experience).
• 3+ years in a DevOps, security, or software engineering role, with demonstrated experience in DevSecOps practices.
• Proficient in securing AWS, Azure, or GCP environments.
• Experience with scripting languages (Python, Bash, etc.) and automation tools (e.g., Ansible, Terraform, Jenkins).
• Hands-on experience integrating security tools into CI/CD pipelines (e.g., GitLab)
• Familiarity with static analysis, dynamic analysis, SAST, DAST, dependency scanning, and vulnerability management tools (e.g., OWASP, SonarQube,