We are seeking a highly experienced and driven Senior DevSecOps Engineer to lead the integration of security practices into our development and operations lifecycle. This role is ideal for a professional who is passionate about building secure, scalable systems and embedding security at every stage of the software delivery pipeline.
As a Senior DevSecOps Engineer, you will be responsible for designing, implementing, and maintaining robust security frameworks across cloud-native environments, with a strong focus on automation, continuous integration, and proactive risk mitigation. You will collaborate closely with engineering, QA, and infrastructure teams to ensure security is not an afterthought but a foundational component of all deliverables.
Key Responsibilities:
Design and implement end-to-end DevSecOps strategies, integrating security tools and practices into CI/CD pipelines.
Lead the adoption and optimization of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools to identify vulnerabilities early in the development lifecycle.
Establish and enforce secure coding standards aligned with OWASP Top 10 and industry best practices.
Build and manage automated security testing frameworks within cloud environments, particularly AWS.
Conduct threat modeling, risk assessments, and vulnerability management across applications and infrastructure.
Collaborate with development teams to remediate security findings and ensure timely resolution of vulnerabilities.
Develop and maintain security monitoring, logging, and incident response mechanisms.
Drive security awareness and training initiatives across engineering teams.
Ensure compliance with internal security policies and external regulatory requirements.
Required Skills & Qualifications:
9–15 years of experience in DevOps, DevSecOps, or Application Security roles.
Strong hands-on expertise in DevSecOps practices, including secure CI/CD pipeline design and implementation.
Deep understanding and practical experience with SAST and DAST tools (e.g., Checkmarx, Fortify, Veracode, Burp Suite, OWASP ZAP).
Solid knowledge of OWASP Top 10 vulnerabilities and secure coding practices.
Extensive experience working with AWS services (e.g., EC2, S3, IAM, Lambda, CloudTrail, Security Hub).
Proficiency in scripting and automation using languages such as Python, Bash, or similar.
Experience with container security (Docker, Kubernetes) and infrastructure-as-code tools (Terraform, CloudFormation).
Familiarity with secrets management, identity and access management, and encryption mechanisms.
Strong problem-solving skills with the ability to analyze complex security issues and provide effective solutions.
Preferred Qualifications:
Certifications such as AWS Certified Security Specialty, CISSP, CEH, or similar.
Experience in regulated industries with strong compliance requirements.
Prior experience leading or mentoring security or DevOps teams.