Security & Devops Engineer

About The Role

Dodo Payments is seeking a motivated DevSecOps Engineer to enhance our infrastructure and security across cloud and CI/CD environments. The ideal candidate will possess hands-on expertise in Kubernetes, cloud-native security, and compliance automation. Strong technical skills in vulnerability management, observability, and secure software delivery, aligning with PCI-DSS and SOC 2 standards, are essential for this role.

Key Responsibilities

• Design, implement, and secure CI/CD pipelines, adhering to DevSecOps principles and GitOps workflows using ArgoCD.
• Integrate security tools within build and deployment pipelines for SAST, DAST, dependency scanning, and CVE management.
• Manage and harden containerized workloads on Kubernetes and Docker, implementing runtime security controls and robust RBAC policies.
• Automate compliance checks and audit data collection to ensure readiness for PCI DSS and SOC 2 certifications.
• Deploy, monitor, and secure infrastructure hosted on AWS, GCP, or Azure platforms.
• Configure and operate observability and security monitoring tools, including Prometheus, Grafana, OpenTelemetry, Loki, and Wazuh.
• Collaborate with the security team to establish effective threat detection, incident response, and log correlation workflows utilizing SIEM tools.
• Strengthen cluster and network security by implementing Istio, NetworkPolicies, and zero-trust design principles.

Required Skills & Qualifications

• A minimum of 13 years of experience in DevSecOps, Security Engineering, or Cloud Security positions.
• A profound understanding of Kubernetes, Docker, Linux, and fundamental networking concepts.
• Demonstrated experience with security scanning, vulnerability management, and automating CVE patching.
• Working knowledge of GitOps (ArgoCD), CI/CD tools such as GitHub Actions and Jenkins, and securing IaC practices with Terraform and Helm.
• Familiarity with cloud provider security services, including AWS IAM, Security Hub, and GCP Security Command Center.
• Understanding of monitoring, alerting, and tracing stacks like Prometheus, Grafana, Loki, and OpenTelemetry.
• Practical exposure to compliance frameworks such as PCI DSS and SOC 2, including audit readiness procedures.
• Exceptional debugging, documentation, and cross-functional communication abilities.

Good to Have

• Hands-on experience with vulnerability and scanning tools like Wazuh and Trivy.
• Knowledge of service mesh security, including Istio mTLS and certificate rotation.
• Exposure to SIEM, threat intelligence, or incident response workflows.
• Relevant cloud certifications (AWS/GCP/Azure) or Kubernetes certifications (CKA/CKS) are advantageous.