DevSecOps Engineer Jobs

DevSecOps Experience: Minimum 5+ years of hands-on experience in DevSecOps, cloud engineering, or operations roles, with demonstrated expertise in integrating security into continuous integration and continuous deployment pipelines. Multi-Cloud Expertise: Strong proficiency in implementing security controls and managing compliance across AWS (preferred), Azure, and GCP platforms, including deep knowledge of identity services (IAM, Workload Identity), network security, and data protection offerings. Infrastructure as Code and Automation: Expertise with infrastructure-as-code tools such as Terraform, CloudFormation, or Ansible, with ability to implement automated security compliance checking and remediation across cloud platforms. CI/CD and DevOps Tools: Extensive experience with CI/CD platforms (Jenkins, AWS CodePipeline, GitHub Actions, Azure DevOps) and container orchestration tools (Docker, Kubernetes), including implementation of security scanning and policy enforcement. Programming and Scripting: Proficiency in scripting and programming languages commonly used in automation and security tooling, such as Python, Bash, or Go, with ability to develop custom solutions and automation frameworks. Security Testing and Scanning: Expertise in security testing methodologies, including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and container scanning tools. Cloud Security Standards: Deep knowledge of security best practices, compliance frameworks (SOC 2, ISO 27001, CIS Benchmarks, OWASP), and regulatory requirements relevant to financial services and data protection (GDPR, data residency requirements). API and Application Security: Understanding of secure API design principles, authentication protocols (OAuth, SAML, mTLS), encryption standards, secrets management solutions, and application security testing frameworks. Networking and Infrastructure Security: Strong understanding of network security principles, including VPCs, firewalls, network segmentation, DDoS protection, SSL/TLS, VPN, and network monitoring solutions. Incident Response and Forensics: Experience developing incident response procedures, conducting security investigations, analyzing logs, and implementing threat detection and monitoring capabilities. Container and Kubernetes Security: Knowledge of container security best practices, image scanning, runtime security, policy enforcement, and securing Kubernetes environments across cloud platforms.

ESSENTIAL DUTIES AND RESPONSIBILITIES:1. Perform Application, API and Microservices Pentest2. Perform Network Pentest (Internal and External)3. Perform Mobile App Pentest, Mobile Assessments,4. Threat Modelling, Legal Reviews,5. Reporting and the PoCs of the vulnerabilities, and Documentation,6. Coordinate with various stakeholders,7. Perform R&Ds8. Other Security AnalysisMandatory Requirements:1. Relevant Experience in Security Domain: 3+ Years.2. Proven expertise & track record in Web Application Penetration testing (Web, Mobile.3. API/Web Services on JAVA & .Net) through DAST Manual approach.4. Proven expertise & track record in Mobile Application Penetration testing (Web, Mobile. API/Web Services on JAVA & .Net) through DAST Manual approach.5. Hands-on experience in DAST tools, API (SOAPUI, PostMan).6. Experience in DAST Manual Assessments, Threat Model and Penetration Testing.7. Good Network Pentest skills-sets for external and internal networks.8. Excellent written and verbal communication skills.Preferred Skillsets:1. Hands-on experience of DevSecOps.2. Good Knowledge of Java, .NET, SQL queries (Oracle, PostgreSQL etc).3. Experience in Automating Security tasks using Python or Java Frameworks and System/Network Exploitation is a bonus.4. Experience in Red Teaming.5. Handson experience, knowledge and understanding of Security Frameworks.6. Handson experience on MS Tools.

About FlytBase:FlytBase is a global leader in drone automation technology. We build solutions that enable enterprises to deploy fully autonomous drones at scale, solving real-world problems in logistics, surveillance, inspections, and more.Key Responsibilities:Design, build, and manage secure CI/CD pipelines for automated deployments.Implement and automate security updates and patches across the cloud environment.Manage containerized applications using Docker and orchestration with Kubernetes.Build secure cloud infrastructures on AWS with a focus on scalability and high availability.Ensure compliance with security standards such as SOC II, ISO27001, and GDPR.Monitor system performance, detect vulnerabilities, and implement robust security measures.Collaborate with the development team to ensure seamless integration of security practices.Required Skills:Hands-on experience with CI/CD tools (e.g., Jenkins, GitHub Actions, GitLab CI/CD).Strong understanding of cloud platforms, preferably AWS.Proficiency in containerization technologies (Docker, Kubernetes).Knowledge of scripting languages (Python, Bash, or Ruby).Familiarity with security best practices, vulnerability management, and compliance standards.Basic understanding of networking, firewalls, and operating systems.Preferred Qualifications:Prior experience in DevOps, DevSecOps, or cloud development.Certifications in AWS, Kubernetes, or DevOps tools are a plus.Why Join Us?Work on cutting-edge drone technology in a fast-paced, startup environment.Flexible work hours and professional autonomy.Opportunity to grow and make a real impact in the field of drone automation.How to Apply:Send your CV and a brief cover letter to nishtha.joshi@flytbase.com

Well trust you to:*Implement highly secure public cloud infrastructure and services following repeatable and sustainable processes and ensure the availability, performance, and security of all cloud systems.*Partner and collaborate with the software development and data warehouse teams to support customer systems, provide architectural guidance, select appropriate cloud technologies, and minimize delivery time.*Provide data integrity through appropriate backup and disaster recovery solutions and support periodic testing and recovery exercises.*Establish system monitoring, logging, and alerting; respond to, investigate, and address issues.*Help define and document cloud best practices and assist with financial accounting and cost optimization.*Be available on weekends once or twice each month to perform maintenance activities; comp off provided for any weekend time worked.Youll need to have:*4-8 years' experience administering public cloud and/or IT infrastructure with at least 2 years supporting Azure-based solutions.*In-depth expertise using and managing Azure Compute (App Services, Virtual Machines, Kubernetes), SQL Database, Blob Storage, and Network (Azure Firewall, VPN, Load Balancer, Private Link ) services.*Experience with native Azure management (Azure Blueprints, Policy, Monitor, and Backups) and security tools (Azure Security Center, Sentinel, Defender, Key Vault) and proficiency with Azure Active Directory.*Familiar with DevSecOps, automation, and infrastructure-as-code approaches using technologies such as Azure Automation and DevOps, and Powershell DSC.*Knowledge of at least one scripting/programming language required; Python or Powershell preferred.*Azure certifications are a plus.

Experience :7+yearsWork Mode:Work From Office Interview Mode: VirtualLocation :Bangalore Notice period 0 to 15 daysRoles and Responsibilities: Building Infrastructure as Code (IAC) for applications cloud infrastructure leveraging Terraform. Building end to end continuous integration (CI) and continuous deployment (CD) pipelines for public cloud deployments with a GitOps mindset Analyze, triage, and manage incoming security events based on various data points, log sources, and network statistics. Setup observability and telemetry leading to the build out of SEIM solution. Participate in chaos engineering to test application resiliency. Defines the set of declarative modules for infrastructure provisioning via Terraform Acts as an owner and SME for all things related to Kubernetes, Helm Charts, EKS, and Terraform Drives industry best practices and approaches to implementing infrastructure as code (IaC) specific, but not limited to Kubernetes infrastructure provisioning Actively engages and participates in technology forums related to Continuous Delivery, GitOps, DevOps and DevSecOps initiatives Provides sound recommendations to improve and/or implement best practices for supporting Onyx Toolchain strategy and initiatives Experience developing infrastructure and automation solutions in an always up, always available environment Hands-on keyboard coding as requiredRequired Skills: Experience in Java Application Support (Mandatory) Experience in Monitoring of the Java Application Post Production Deployment (Mandatory) Experience working in a DevSecOps (SAST & DAST) capacity within a large organization Minimum 3 years of hands-on experience with deploying and monitoring applications in A