Key Responsibilities
Pipeline & Automation (Primary Focus)
- Design, implement, and maintain CI/CD pipelines (GitLab CI, GitHub Actions, Jenkins) for building, testing, and deploying hardened Linux images (Amazon Linux 2, Ubuntu LTS, Oracle Enterprise Linux).
- Integrate security gates into pipelines so that builds whose vulnerability scan results (Nessus, Qualys, Tenable) do not meet defined security thresholds fail automatically.
- Implement shift-left security by integrating SAST, DAST, and SCA tools (SonarQube, Snyk, Checkmarx, OWASP Dependency-Check) to provide developers with rapid security feedback.
Infrastructure & Security Automation
- Develop and manage modular Terraform modules (50+ modules at scale) to provision secure infrastructure that adheres to NIST 800-53, DISA STIG, and CIS benchmarks across AWS/Azure environments.
- Automate CSPM workflows (Wiz, Prisma Cloud, AWS Security Hub) with serverless functions (Lambda, Azure Functions) for auto-remediation, with human approval required for high-risk changes.
- Maintain configuration compliance across hybrid cloud environments with Ansible, Chef, or Puppet, including drift detection and automated remediation.
Security & Compliance Integration
- Automate vulnerability lifecycle management, including scan ingestion, risk assessment, remediation tracking, and compliance reporting.
- Implement observability and monitoring (ELK Stack, Prometheus/Grafana, CloudWatch) for real-time visibility into security posture, infrastructure health, and deployment metrics.
Required Qualifications
- 3-5 years in DevOps, SRE, or Platform Engineering with a focus on security automation
- Cloud Infrastructure: Hands-on AWS/Azure experience, including VPC/VNet architecture, IAM role/policy design, serverless automation
- Infrastructure as Code: Experience managing Terraform codebases with multiple modules/environments
- Configuration Management: Real-world experience with Ansible, Chef, or Puppet enforcing compliance at scale
- Scripting & Automation: Advanced Python and Bash for complex workflows
- Containerization: Docker proficiency, including image security practices
- CI/CD Platforms: Hands-on experience building multi-stage pipelines
- Version Control: Git workflow expertise and GitOps principles
- Security Knowledge: Familiarity with NIST 800-53, DISA STIGs, CIS Benchmarks, vulnerability scanning, and shift-left security
Nice To Have
- Kubernetes (EKS/AKS), CSPM tools (Wiz, Prisma Cloud, Aqua, Orca), multi-cloud management, incident response experience
- Certifications: AWS DevOps Engineer – Professional, AWS Security Specialty, Terraform Associate, CKA/CKS, Linux certifications
What Success Looks Like
Within 90 Days
- Build and deploy CI/CD pipelines with security gates achieving >95% success rate
- Automate vulnerability remediation, reducing response time from days to hours
- Establish drift detection and auto-remediation for at least one critical workload
Within 6 Months
- Migrate 3–5 critical applications to hardened baselines with zero security exceptions
- Implement a full observability stack for real-time security posture visibility
- Reduce manual security remediation efforts by 60%+ through intelligent automation