DevSecOps Engineer - Hyderabad, India

ServCrust is seeking a highly technical and security-conscious DevSecOps Engineer to join our team in Hyderabad, Telangana, India. This full-time, onsite position focuses on integrating, automating, and operationalizing security throughout our CI/CD pipelines and cloud-native environments. You will serve as a critical link between engineering and security, ensuring security controls, guardrails, and best practices are embedded across the Software Development Life Cycle (SDLC). This is a hands-on role involving daily monitoring, pipeline security enforcement, vulnerability triage, and providing support to development teams for secure delivery.

Key Responsibilities

Secure DevOps Operation

• Monitor CI/CD pipelines for policy violations, secret leakage, insecure configurations, and bypass attempts.
• Review SAST/DAST/IAST scan results (e.g., SonarQube, Checkmarx, ZAP, OWASP Dependency-Check) and collaborate with developers on prioritizing fixes.
• Analyze container security reports and provide recommendations for base-image hardening.
• Conduct Infrastructure as Code (IaC) security reviews for Terraform and CloudFormation templates.
• Maintain and enforce pipeline security guardrails, including code signing, mandatory static analysis, and approval stages.
• Monitor cloud and pipeline security dashboards for anomalous activities.
• Respond promptly to real-time security findings within CI/CD pipelines and cloud workloads.

Security Automation and Collaboration

• Implement automated security checks, quality gates, and policy-as-code controls within CI/CD pipelines.
• Manage a JIRA vulnerability board and track remediation Service Level Agreements (SLAs).
• Develop automation scripts (Python, Bash, Groovy) to streamline manual security tasks.
• Collaborate with development and platform teams on secure coding practices, dependency hygiene, and secure deployment strategies.
• Participate in threat modeling, architecture reviews, and secure design discussions.
• Document pipeline security procedures, runbooks, and developer guidance.
• Evaluate emerging security tools, conduct Proofs of Concept (POCs), and integrate selected solutions.

Qualifications

• 2-4 years of experience in DevSecOps, Application Security (AppSec), or Security Engineering.
• Solid understanding of CI/CD workflows and security integration principles.
• Hands-on experience with scripting and automation using Python, Bash, Groovy, and YAML pipelines.
• Familiarity with cloud-native deployments and vulnerability management processes.
• Knowledge of secure coding practices and SDLC best practices.
• Understanding of OWASP Top 10, SANS CWE 25, and container security benchmarks.

If you are interested, please send your resume to [HIDDEN TEXT].

Visit our website: www.servcrust.com