SecDevOps Engineer - Noida, India

MoneyMul is looking for a dedicated and skilled SecDevOps Engineer to enhance the synergy between development, operations, and security. This role is crucial for maintaining secure CI/CD pipelines and infrastructure, ensuring security is integrated by design. You will be responsible for implementing 'shift-left' security principles by automating security checks, managing vulnerabilities, and ensuring adherence to industry compliance standards without hindering development speed.

Key Responsibilities

• Secure CI/CD Implementation: Design, build, and maintain CI/CD pipelines, embedding automated security testing tools like SAST, DAST, and SCA (e.g., SonarQube, OWASP ZAP) into the development workflow.
• Infrastructure Security: Manage Infrastructure as Code (IaC) using tools like Terraform or Ansible, prioritizing security compliance and hardening measures such as encrypted storage and least privilege access.
• Vulnerability Management: Proactively identify, scan, and remediate vulnerabilities (CVEs) in infrastructure and applications. Collaborate with development teams to address code-level security issues.
• Identity & Access Management (IAM): Configure and audit cloud access policies (AWS/Azure/GCP) to strictly enforce the Principle of Least Privilege.
• Container Security: Implement robust security for containerized environments (Docker/Kubernetes), including image scanning and runtime security policies.
• Incident Response: Actively participate in security incident response procedures, conducting root cause analysis for security breaches or anomalies.
• Compliance & Audit: Ensure all infrastructure and deployments meet recognized security standards (ISO 27001, SOC2, GDPR) and support technical audit processes.

Requirements

• Experience: Possess 2-7 years of professional DevOps experience with a strong, demonstrable focus on CI/CD and security. Excellent scripting and automation skills are essential.
• DevOps Toolchain: Extensive hands-on experience with CI/CD platforms (Jenkins, GitLab CI, GitHub Actions) and version control systems (Git).
• Security Tools: Proficiency in utilizing security scanning tools such as SonarQube, Trivy, OWASP ZAP, Burp Suite, or Snyk.
• Cloud Security: A solid understanding of cloud security principles and models across GCP, AWS, or Azure, including Security Groups, IAM, and VPC configurations.
• Scripting: Advanced proficiency in Python, Bash, or Go for automating security-related tasks.
• Containerization: Proven experience in securing Docker containers and Kubernetes clusters.
• Vulnerability Knowledge: Familiarity with OWASP Top 10 vulnerabilities and effective mitigation strategies.

Preferred Skills (Good To Have)

• Certifications: Holding a Certified DevSecOps Professional (CDP) or equivalent certification is advantageous.
• Monitoring: Experience with security monitoring and SIEM tools like Splunk, ELK Stack (for security logs), or Wazuh.
• Policy as Code: Familiarity with Policy as Code tools such as Open Policy Agent (OPA) or Sentinel.
• Compliance: Basic knowledge of regulatory frameworks including HIPAA, PCI-DSS, or GDPR.

Benefits

• Impactful Work: Contribute to projects that are utilized by over 100 leading MNC companies and a vast customer base exceeding 10 million.
• Direct Collaboration: Engage directly and communicate closely with the Founding Team.
• Optimal Work Structure: Benefit from a consistent 5-day working schedule.
• Professional Development: Access continuous growth opportunities through eLearning, workshops, and the application of advanced AI in daily operations.
• Comprehensive Well-being: Receive on-demand comprehensive health insurance with a top-up option available for parents, spouse, and children.
• Dynamic Environment: Thrive in a fast-paced startup atmosphere, offering diverse responsibilities, skill development, and the chance to make a significant impact.