Job Title: Devsecops EngineerLocation: PuneExperience Required: 4-5 YearsBudget- Open Immediate JoinerJob Overview:The DevSecOps Engineer will be pivotal in embedding security into the DevOps pipeline, working closely with development, operations, and security teams. This role involves fostering a culture of security awareness and implementing DevSecOps best practices to ensure secure, efficient, and scalable deployments. By setting up and managing a suite of on-premises DevSecOps tools, the engineer will play a key role in enhancing the organizations security posture and supporting the overall goals of reliability, speed, and resilience in software delivery.Key Responsibilities:Collaboration and Advocacy: Partner with development, operations, and security teams to promote security awareness and DevSecOps principles.CI/CD Pipeline Development: Build and maintain secure CI/CD pipelines using Jenkins, GitLab, and SonarQube, automating all stages of the software development lifecycle.Infrastructure as Code (IaC): Implement and manage configuration with Ansible and cloud infrastructure provisioning with Terraform to create scalable, repeatable environments.Container Orchestration: Utilize Kubernetes to manage and scale applications in production, ensuring efficient deployment of containerized workloads.Vulnerability Management: Configure and manage security scanning tools like Clair, Trivy, OWASP Dependency Check, and OWASP ZAP to detect and address vulnerabilities early in the development lifecycle.Secrets Management: Secure sensitive data using tools such as GitSecrets and TruffleHog to avoid accidental exposure of credentials within code repositories.Security Monitoring and Compliance: Integrate SonarQube for continuous code quality checks and ensure security compliance with industry standards.Security Workflow Automation: Develop scripts and automation processes to integrate security tools within DevOps workflows, improving the security stance without affecting deployment speed.Microservices Management: Oversee multiple repositories hosting Python-based microservices, deploying them on Kubernetes while ensuring high standards of performance and maintainability.Database and Artifact Management: Implement and secure Apache Kafka clusters, manage Redis databases, and integrate Sonatype Nexus for artifact repository management.Security Testing: Conduct security assessments and vulnerability testing using Burp Suite, helping to identify and mitigate security risks in applications.QualificationsEducation & Experience:Bachelors degree in Engineering, Computer Science, or a related field.Minimum of 3+ years of experience in DevOps with strong focus on Kubernetes and Docker.Hands-on experience with DevOps tools, Helm, Kubernetes, and container orchestration.Skills & CompetenciesTechnical Skills (Mandatory):Kubernetes,Helm,Ansible,Zot,Git Hub,SonarQube,OWASAP,Clair,TrivyStrong understanding of Linux atleast 3+ yrsSecure CI/CD pipeline development with Jenkins, GitLab, and SonarQube 2+ YrsProficiency in Ansible (IaC) 2+ yrsKubernetes for container orchestration3+Familiarity with vulnerability scanning tools (Clair, Trivy, OWASP Dependency Check).2+ YrsSecrets management tools like GitSecrets and TruffleHog 2+ YrsContinuous code quality and compliance monitoring using SonarQube 2+ yrsAutomation skills for integrating security tools into DevOps workflows 3+ yrsExperience with Apache Kafka and Redis for secure configuration and performance optimization 1+ yrsArtifact repository management using Sonatype Nexus 2+ yrsAdded AdvantageOffline setup.Soft Skills (Mandatory):Strong team player with excellent communication skills.Ability to work collaboratively in cross-functional teams, bridging gaps between departments.