DevSecOps Engineer II

Hyderabad, Telangana
Permanent
Full-time

1 day ago

Job RequirementsJob DescriptionWe're looking for a full-time phenomenal DevSecOps Engineer to lead the integration of security practices and controls within Phenom development and operations processes. You will work closely with engineering and development teams to evolve software assurance processes to address security risks and help teams learn and adopt shift-security-to-left practices from code to production. Your focus will be on automation, continuous integration/continuous deployment (CI/CD) security, and securing infrastructure as code (IaC).What You’ll Do

Integrate and secure CI/CD pipelines, implementing security tools and practices for vulnerability detection, static/dynamic analysis, and software composition analysis.
Implement and maintain security practices for containerized environments, ensuring container images are securely built, scanned, and managed. This includes deploying and configuring tools to scan images for vulnerabilities and ensuring runtime security for containers and orchestration platforms such as Kubernetes.
Secure IaC (e.g., Terraform, Ansible) configurations and deployments to ensure security policies are implemented and maintained.
Develop and maintain scripts and tooling to automate security tasks, such as vulnerability scanning, compliance checks, and patch management.
Work closely with development teams to enforce security best practices, ensuring secure coding standards and architecture principles are applied in early development stages.
Conduct threat modeling and risk assessments on new features, solutions, and systems, advising development teams on effective security controls.
Collaborate with the Incident Response Team to monitor and respond to security incidents in development and production environments.
Ensure CI/CD and development processes comply with regulatory standards and produce relevant security metrics and reports.

Must Have

Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field (or equivalent work experience).
4+ years of experience in DevSecOps, with a solid understanding of DevOps principles and practices.

Specialized Knowledge

Experience and knowledge of implementing a DevSecOps ecosystem and a well-known understanding of Dynamic and Static Application Security Testing (DAST & SAST) and infrastructure automation/development utilizing APIs.
Proficiency in implementing, managing, and supporting a vulnerability management program (process and technology) in Agile environments.
Experience with security tools like Tenable WAS, Fortify, Snyk, Aqua, and others.
Coding Experience in Scripting & programming languages (such as Java, Python, Bash, … )
Experience working with Threat modeling (e.g., STRIDE, PASTA, FAIR, Security Cards) and vulnerability framework standards (e.g., OWASP, CVSS, CWE)

BenefitsWe want you to be your best self and to pursue your passions!

Health and wellness benefits/programs to support holistic employee health
Flexible hours and working schedules, as well as parental leave for new parents
Growing organization with career pathing and development opportunities
Tons of perks and extras in every location for all Phenoms!

Diversity, Equity, & InclusionOur commitment to diversity runs deep! Diversity is essential to building phenomenal teams, products, and customer experiences. Phenom is proud to be an equal opportunity employer taking collective action to build a more inclusive environment where every candidate and employee feels welcomed.We recognize there is more to be done. Our teams are committed to continuous improvement until these powerful ideas are ingrained in our culture for Phenom and employers everywhere!

Phenom People

Apply Now