DevSecOps Engineer Graduate Fresher Jobs in Bangalore

DevSecOps Experience: Minimum 5+ years of hands-on experience in DevSecOps, cloud engineering, or operations roles, with demonstrated expertise in integrating security into continuous integration and continuous deployment pipelines. Multi-Cloud Expertise: Strong proficiency in implementing security controls and managing compliance across AWS (preferred), Azure, and GCP platforms, including deep knowledge of identity services (IAM, Workload Identity), network security, and data protection offerings. Infrastructure as Code and Automation: Expertise with infrastructure-as-code tools such as Terraform, CloudFormation, or Ansible, with ability to implement automated security compliance checking and remediation across cloud platforms. CI/CD and DevOps Tools: Extensive experience with CI/CD platforms (Jenkins, AWS CodePipeline, GitHub Actions, Azure DevOps) and container orchestration tools (Docker, Kubernetes), including implementation of security scanning and policy enforcement. Programming and Scripting: Proficiency in scripting and programming languages commonly used in automation and security tooling, such as Python, Bash, or Go, with ability to develop custom solutions and automation frameworks. Security Testing and Scanning: Expertise in security testing methodologies, including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and container scanning tools. Cloud Security Standards: Deep knowledge of security best practices, compliance frameworks (SOC 2, ISO 27001, CIS Benchmarks, OWASP), and regulatory requirements relevant to financial services and data protection (GDPR, data residency requirements). API and Application Security: Understanding of secure API design principles, authentication protocols (OAuth, SAML, mTLS), encryption standards, secrets management solutions, and application security testing frameworks. Networking and Infrastructure Security: Strong understanding of network security principles, including VPCs, firewalls, network segmentation, DDoS protection, SSL/TLS, VPN, and network monitoring solutions. Incident Response and Forensics: Experience developing incident response procedures, conducting security investigations, analyzing logs, and implementing threat detection and monitoring capabilities. Container and Kubernetes Security: Knowledge of container security best practices, image scanning, runtime security, policy enforcement, and securing Kubernetes environments across cloud platforms.

ESSENTIAL DUTIES AND RESPONSIBILITIES:1. Perform Application, API and Microservices Pentest2. Perform Network Pentest (Internal and External)3. Perform Mobile App Pentest, Mobile Assessments,4. Threat Modelling, Legal Reviews,5. Reporting and the PoCs of the vulnerabilities, and Documentation,6. Coordinate with various stakeholders,7. Perform R&Ds8. Other Security AnalysisMandatory Requirements:1. Relevant Experience in Security Domain: 3+ Years.2. Proven expertise & track record in Web Application Penetration testing (Web, Mobile.3. API/Web Services on JAVA & .Net) through DAST Manual approach.4. Proven expertise & track record in Mobile Application Penetration testing (Web, Mobile. API/Web Services on JAVA & .Net) through DAST Manual approach.5. Hands-on experience in DAST tools, API (SOAPUI, PostMan).6. Experience in DAST Manual Assessments, Threat Model and Penetration Testing.7. Good Network Pentest skills-sets for external and internal networks.8. Excellent written and verbal communication skills.Preferred Skillsets:1. Hands-on experience of DevSecOps.2. Good Knowledge of Java, .NET, SQL queries (Oracle, PostgreSQL etc).3. Experience in Automating Security tasks using Python or Java Frameworks and System/Network Exploitation is a bonus.4. Experience in Red Teaming.5. Handson experience, knowledge and understanding of Security Frameworks.6. Handson experience on MS Tools.

Experience :7+yearsWork Mode:Work From Office Interview Mode: VirtualLocation :Bangalore Notice period 0 to 15 daysRoles and Responsibilities: Building Infrastructure as Code (IAC) for applications cloud infrastructure leveraging Terraform. Building end to end continuous integration (CI) and continuous deployment (CD) pipelines for public cloud deployments with a GitOps mindset Analyze, triage, and manage incoming security events based on various data points, log sources, and network statistics. Setup observability and telemetry leading to the build out of SEIM solution. Participate in chaos engineering to test application resiliency. Defines the set of declarative modules for infrastructure provisioning via Terraform Acts as an owner and SME for all things related to Kubernetes, Helm Charts, EKS, and Terraform Drives industry best practices and approaches to implementing infrastructure as code (IaC) specific, but not limited to Kubernetes infrastructure provisioning Actively engages and participates in technology forums related to Continuous Delivery, GitOps, DevOps and DevSecOps initiatives Provides sound recommendations to improve and/or implement best practices for supporting Onyx Toolchain strategy and initiatives Experience developing infrastructure and automation solutions in an always up, always available environment Hands-on keyboard coding as requiredRequired Skills: Experience in Java Application Support (Mandatory) Experience in Monitoring of the Java Application Post Production Deployment (Mandatory) Experience working in a DevSecOps (SAST & DAST) capacity within a large organization Minimum 3 years of hands-on experience with deploying and monitoring applications in A