DevSecOps Engineer
Posted on August 5, 2025
Job Description
- Role: DevSecOps Engineer
- Employment Type: Contractual
- Work Location: 100% Remote
- Experience: 4 to 8 Years
- Working Hours: 1 PM to 10 PM IST
- Key Responsibilities and Required Skills:
  - FedRAMP Compliance: Ability to learn and interpret FedRAMP Moderate controls documentation, integrating those requirements into processes and systems to ensure compliance.
  - AWS System Hardening: Experience in hardening AWS systems and services by applying Security Technical Implementation Guides (STIGs) and other industry best practices to improve cloud infrastructure security.
  - Infrastructure Code Security: Proficiency in identifying and fixing security vulnerabilities in Infrastructure-as-Code (Terraform) configurations, ensuring that provisioning scripts follow secure coding standards.
  - Vulnerability Patching: Regular application of security patches and updates to servers, applications, and dependencies to mitigate known vulnerabilities and maintain system integrity.
  - Security Scanning & Remediation: Assistance in running security scans (e.g., using Snyk and other tools) on codebase and container images, and timely remediation of discovered vulnerabilities.
  - Documentation for Certification: Development of new security processes and procedure documents required for FedRAMP Moderate certification, including policies, standard operating procedures, and compliance evidence.
  - Security Testing: Ability to perform security testing on both infrastructure and applications (e.g., configuration reviews, penetration testing coordination, code security reviews) to proactively identify and address security issues.
  - DevSecOps Expertise: Proven experience in a DevSecOps or security-focused DevOps role, with hands-on knowledge of integrating security into CI/CD pipelines and cloud environments.
  - AWS Security Knowledge: Strong familiarity with AWS services and security features, including experience hardening cloud resources (applying STIGs or similar security benchmarks).
  - Infrastructure as Code: Experience with Terraform (or similar IaC tools) and a deep understanding of how to secure infrastructure code, including detecting and fixing misconfigurations in Terraform scripts.
  - Vulnerability Management: Proficiency with vulnerability scanning tools (e.g., Snyk, Nessus) and patch management processes, with a track record of remediating findings promptly.
  - Compliance Awareness: Basic knowledge of FedRAMP, NIST 800-53, or similar security frameworks is highly beneficial (no specific certification required, but a willingness to learn and apply these standards is expected).
  - Documentation Skills: Ability to create clear and detailed security documentation, runbooks, and standard operating procedures that align with compliance requirements.
  - Problem-Solving: Strong troubleshooting skills and a proactive approach to identifying and resolving security issues across both infrastructure and application layers.
  - Communication: Excellent communication and collaboration skills, with the ability to work effectively in a remote team environment and report on security posture to stakeholders.