DevSecOps Engineer

About the role

We are looking for a senior DevSecOps Engineer to design and implement secure, multi‑cloud infrastructure across AWS and Alibaba Cloud. You will lead the creation of security‑first solutions, from CI/CD pipelines to automated incident response, ensuring compliance and resilience at scale.

Key responsibilities

• Design and provision secure multi‑cloud environments using Terraform and Terragrunt, embedding security best practices.
• Build and maintain CI/CD pipelines with integrated SAST/DAST testing and security gates.
• Architect Azure Sentinel SIEM with Logic Apps for automated threat detection and response.
• Implement Cloudflare Zero Trust network architecture, tunnels, and policies.
• Create IaC templates for hardened Kubernetes clusters, including network policies and RBAC.
• Deploy secrets management solutions using AWS Secrets Manager and HashiCorp Vault.
• Set up centralized logging and monitoring with the ELK stack and FluentBit.
• Develop automated vulnerability scanning, remediation workflows, and database hardening for MySQL, PostgreSQL, and Redis.
• Design backup, disaster‑recovery, and encryption controls for critical workloads.

Required profile

• 10+ years of infrastructure security or DevSecOps experience in enterprise settings.
• Deep expertise with AWS security services (GuardDuty, Security Hub, Config, etc.).
• Strong knowledge of Kubernetes security (Pod Security Standards, Network Policies, RBAC).
• Hands‑on experience with Terraform/Terragrunt, Cloudflare Zero Trust, and Azure Sentinel.
• Proven track record in building secure CI/CD pipelines and supply‑chain security.
• Security certifications (CISSP, CCSP, AWS Security Specialty, etc.) are a plus.

Required skills

• Terraform / Terragrunt
• AWS (GuardDuty, Security Hub, Config, EKS, ECR, RDS, EC2, ECS, S3)
• Alibaba Cloud
• Azure Sentinel & Logic Apps
• Cloudflare Zero Trust
• Kubernetes security (Pod Security Standards, Network Policies, RBAC)
• HashiCorp Vault & AWS Secrets Manager
• ELK stack & FluentBit
• SAST / DAST tools
• Python, Go, Bash scripting
• CI/CD platforms (e.g., Jenkins, GitLab CI)
• Database security (MySQL, PostgreSQL, Redis)