Senior DevSecOps Engineer

Job Title: Senior DevSecOps Engineer

 Location: India
Employment Type: Full-Time
Department: Customer Operations

About the Role

We are seeking an exceptional Senior DevSecOps Engineer to lead the design, implementation, and oversight of our company’s security posture across infrastructure, software delivery, and operational practices. This is a senior technical role that blends deep cloud native engineering skills with strong strategic and leadership capabilities in cybersecurity.

You’ll serve as a key security authority, responsible for embedding security into every layer of our technology stack, while also helping define our broader security strategy and risk management posture. You’ll work cross-functionally with Engineering, DevOps, Product, and Executive Leadership to ensure security is not just an add-on but a core component of how we build and operate.

This role is perfect for someone ready to step into a Principal Architect-track position while remaining hands-on with modern cloud-native and infrastructure-as-code technologies.

 

Key Responsibilities

Strategic Leadership

• Define and drive the organization’s security strategy across infrastructure, application, and operational domains.
   
• Serve as a subject matter expert in security to executive leadership and participate in strategic risk and compliance planning.
   
• Develop and maintain the company’s overall security posture, policies, frameworks, and roadmaps.
   
• Lead security architecture reviews, threat modeling, and enterprise risk assessments.
   

DevSecOps Execution

• Integrate security across the entire software development lifecycle (SDLC), including CI/CD pipelines, IaC templates, and container orchestration platforms.
   
• Establish and automate controls for static and dynamic code analysis, vulnerability scanning, dependency management, and container image validation.
   
• Enforce and evolve security baselines for systems, services, and infrastructure (e.g., Kubernetes, OpenStack, Linux).
   
• Design and operate secure identity, secrets management, and privileged access control systems (e.g., HashiCorp Vault, SSO, RBAC) and ensure the product code base adheres to best practices.
   
• Drive secure configuration management and implement zero-trust principles.
   

Monitoring, Response, and Compliance

• Define incident detection and response processes, tools, and runbooks; support investigation and remediation of incidents.
   
• Shape and define compliance team’s initiatives to support audits and demonstrate alignment with frameworks such as SOC2, ISO 27001, NIST, or CIS.
   
• Lead security awareness initiatives and build a security-first culture throughout the organization.