Job Title: DevSecOps Engineer (Cloud Security & Compliance Focus)
Austin, TX (Onsite)
Summary
We are seeking a highly motivated and security-conscious DevSecOps Engineer to join our team. You will be a critical part of our security and compliance efforts, ensuring the integrity and confidentiality of our systems and data. Your hands-on experience with Istio, Envoy, Kubernetes, and Terraform, coupled with your security penetration testing or automated API testing experience, makes you an ideal candidate to drive our security initiatives in a cloud-native environment.
Responsibilities
- Security Architecture and Implementation:
  - Design and implement secure cloud-native architectures with a focus on Istio service mesh and Kubernetes container orchestration.
  - Harden and secure containerized workloads and microservices using best practices.
  - Leverage Terraform for infrastructure as code (IaC) deployments, ensuring security is baked into the process from the start.
  - Implement security controls and monitoring solutions to detect and respond to potential threats.
- Compliance and Security Auditing:
  - Collaborate with security and compliance teams to ensure adherence to industry standards and regulations.
  - Conduct regular security audits and penetration testing to identify vulnerabilities and recommend remediation strategies.
  - Develop and maintain documentation for security policies, procedures, and incident response plans.
- DevSecOps Integration:
  - Integrate security practices and tools into the CI/CD pipeline to automate security testing and vulnerability scanning.
  - Implement and maintain security tools for code analysis, dependency management, and vulnerability tracking.
  - Promote a culture of security awareness and collaboration within the development and operations teams.
- Incident Response:
  - Participate in incident response activities, including investigation, containment, and recovery.
  - Analyze security incidents and identify root causes to prevent future occurrences.
Qualifications
- Hands-on Experience:
  - Strong practical experience with Istio service mesh, Envoy proxy, Kubernetes, and Terraform.
  - Proficiency in security penetration testing methodologies or automated API testing tools.
  - Familiarity with cloud security best practices and cloud-native technologies.
- Security and Compliance Knowledge:
  - Understanding of security principles, vulnerabilities, and mitigation techniques.
  - Knowledge of industry security standards and compliance regulations.
  - Experience in conducting security audits and vulnerability assessments.
- Passion for Security:
  - A strong desire to stay abreast of the latest security trends and technologies.
  - Enthusiasm for sharing knowledge and promoting security best practices within the team.
- Strong Communication and Collaboration:
  - Ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
  - Excellent teamwork and collaboration skills, working effectively with cross-functional teams.
Additional Desirable Skills
- Experience with cloud platforms such as AWS, Azure, or GCP.
- Programming/scripting skills (Python, Java, Bash, etc.)
- Certifications in security and cloud technologies (CISSP, CCSP, etc.)