DevSecOps Engineer (Security & Penetration Testing)
CapitalSage Technology Limited
About the role
• We are seeking a highly skilled DevSecOps Engineer with strong hands-on experience in secure DevOps practices and penetration testing. The ideal candidate will be responsible for embedding security across the CI/CD pipeline, cloud infrastructure, and application lifecycle while conducting regular vulnerability assessments and penetration testing across our digital assets.
• This role is critical in ensuring confidentiality, integrity, and availability of our systems, particularly within a fintech and regulated environment.

Key Responsibilities

DevSecOps & Secure Engineering
• Integrate security controls into CI/CD pipelines.
• Implement and manage automated security testing (SAST, DAST, SCA, IaC scanning).
• Secure containerized workloads (Docker, Kubernetes).
• Harden cloud infrastructure (AWS, Azure, GCP, etc.).
• Implement Zero Trust security principles.
• Manage secrets, keys, and certificate lifecycle.
• Conduct code reviews with a focus on secure coding practices.
• Implement and maintain WAF, EDR, and cloud security tooling.

Penetration Testing & Vulnerability Management
• Conduct internal and external penetration testing (web, mobile, API, cloud).
• Perform red team simulations and adversarial testing.
• Execute vulnerability assessments using industry tools.
• Identify, exploit where appropriate, and document security weaknesses.
• Provide remediation guidance to development and infrastructure teams.
• Conduct re-testing and validation of remediated vulnerabilities.
• Maintain a structured vulnerability management lifecycle.

Cloud & Infrastructure Security
• Secure multi-cloud environments.
• Implement infrastructure-as-code security controls.
• Monitor logs using SIEM tools and investigate security incidents.
• Ensure compliance alignment (PCI-DSS, ISO 27001, NDPA, etc.).

Governance & Reporting
• Develop security baselines and hardening standards.
• Prepare technical and executive-level security reports.
• Support regulatory and third-party audits.
• Develop and maintain security documentation and playbooks.

Requirements
• Bachelor’s degree in Computer Science, Cybersecurity, or related field.
• 3 – 8 years of experience in DevOps, Security Engineering, or Penetration Testing.
• Strong understanding of secure SDLC.
• Strong knowledge of OWASP Top 10 and API security risks.
• Experience with Linux systems and scripting (Bash, Python).

Hands-on experience with:
• CI/CD tools (GitHub Actions, GitLab CI, Jenkins)
• Cloud platforms (AWS, Azure, or GCP)
• Containerization (Docker, Kubernetes)
• SAST/DAST tools
• Infrastructure as Code (Terraform, CloudFormation)

Preferred Certifications
• OSCP / OSWE
• CEH
• AWS Security Specialty
• CISSP (optional but advantageous)
• ISO 27001 Lead Implementer / Auditor (advantage)

Technical Skills
• Web and API penetration testing
• Network penetration testing
• Cloud security testing
• Secure coding principles
• Threat modeling
• Log analysis and incident response
• Automation scripting

Soft Skills
• Strong analytical and problem-solving ability
• Excellent report writing and documentation skills
• Ability to communicate technical risks to executive leadership
• Strong cross-functional collaboration skills
• Proactive and security-first mindset

Key Performance Indicators (KPIs)
• Reduction in critical/high vulnerabilities
• Secure pipeline integration coverage
• Time-to-remediation for identified vulnerabilities
• Compliance audit readiness
• Security automation maturity level