SecDevOps Engineer

SecDevOps Engineer - Noida, India

MoneyMul is seeking a vigilant and skilled SecDevOps Engineer to join our team in Noida, India. This role is crucial for bridging the gap between development, operations, and security. You will be responsible for maintaining and securing our CI/CD pipelines and infrastructure, ensuring security is integrated by design. Your contributions will focus on shifting security left, automating security checks, managing vulnerabilities, and aligning our infrastructure with industry compliance standards without compromising development velocity.

Key Responsibilities

• Secure CI/CD Implementation: Design and maintain CI/CD pipelines, integrating automated security testing tools like SAST, DAST, and SCA (e.g., SonarQube, OWASP ZAP) into the build process.
• Infrastructure Security: Manage Infrastructure as Code (IaC) using tools such as Terraform or Ansible, with a strong emphasis on security compliance and hardening (e.g., ensuring encrypted storage, enforcing least privilege access).
• Vulnerability Management: Proactively monitor, scan, and patch infrastructure and applications for vulnerabilities (CVEs). Collaborate with development teams to remediate code-level security issues.
• Identity & Access Management (IAM): Configure and audit cloud access policies (AWS/Azure/GCP) to strictly enforce the Principle of Least Privilege.
• Container Security: Secure containerized environments (Docker/Kubernetes) by implementing robust image scanning and runtime security policies.
• Incident Response: Actively participate in security incident response activities and conduct root cause analysis for security breaches or anomalies.
• Compliance & Audit: Ensure infrastructure and deployments adhere to security standards (ISO 27001, SOC2, or GDPR) and provide support for technical audits.

Requirements

• Experience: 2-7 years of professional experience in DevOps, with a strong focus on CI/CD and Security, complemented by excellent scripting and automation skills.
• DevOps Toolchain: Strong hands-on experience with CI/CD tools such as Jenkins, GitLab CI, and GitHub Actions, alongside proficient use of Version Control systems like Git.
• Security Tools: Proficiency with security scanning tools including SonarQube, Trivy, OWASP ZAP, Burp Suite, or Snyk.
• Cloud Security: Solid understanding of cloud security models (GCP/AWS/Azure), including configurations for Security Groups, IAM, and VPCs.
• Scripting: Strong proficiency in Python, Bash, or Go for automating security-related tasks.
• Containerization: Experience in securing Docker containers and Kubernetes clusters.
• Vulnerability Knowledge: Familiarity with OWASP Top 10 vulnerabilities and their mitigation strategies.

Preferred Skills (Good To Have)

• Certifications: Any Certified DevSecOps Professional (CDP) or equivalent certification.
• Monitoring: Experience with security monitoring and SIEM tools (e.g., Splunk, ELK Stack for security logs, Wazuh).
• Policy as Code: Experience with tools like Open Policy Agent (OPA) or Sentinel.
• Compliance: Basic understanding of regulatory frameworks such as HIPAA, PCI-DSS, or GDPR.

Benefits

• Impactful Work: Opportunity to contribute to projects utilized by over 100 top MNC companies and a vast customer base of over 10 million.
• Direct Collaboration: Engage and communicate directly with the Founding Team.
• Optimal Work Structure: Enjoy a balanced 5-day working schedule.
• Professional Development: Commitment to your growth through eLearning, workshops, and the application of advanced AI models in daily operations.
• Comprehensive Well-being: Access to on-demand comprehensive health insurance coverage, with a top-up facility for parents, spouse, and children.
• Dynamic Environment: Thrive in a startup environment that offers diverse responsibilities, continuous learning, and the chance to make a significant impact.