Security Engineer
ROLE DETAILS
• Title: DevSecOps Contractor
• Location: Remote / Onsite (as business needs dictate)
• Start: February
• Primary Tools: GitLab Ultimate, Docker/Kubernetes, Terraform/Ansible, SonarQube, Black Duck or Nexus Lifecycle (SCA), Snyk or Trivy, OWASP ZAP
ROLE OVERVIEW
Drive security‑by‑design across GitLab CI/CD and enforce guardrails that ensure application security, compliance, and reliable delivery. The role covers vulnerability management, pipeline security, standardized secure SDLC practices, transition planning from legacy tools to GitLab‑native capabilities, and close collaboration with InfoSec, Cloud Platform, and Product teams.
KEY RESPONSIBILITIES
Pipeline Security & Automation
• Implement and maintain automated SAST, DAST, SCA, container scanning, and secret detection in GitLab CI/CD
• Enforce policy‑as‑code: branch protection, MR approvals, vulnerability gates, artifact signing
Vulnerability Management
• Run periodic assessments and secure code reviews; triage findings; publish remediation plans; track SLAs to closure
• Coordinate with product management and engineering to prioritize fixes
Compliance & Governance
• Align controls and evidence with CIS, NIST, and (where applicable) GDPR
• Enable audit‑ready reporting and SBOM generation; integrate security KPIs into observability dashboards
Infrastructure & Cloud Security
• Implement secure IaC (Terraform/Ansible/CloudFormation); apply least‑privilege and zero‑trust patterns
• Harden build runners, container images, registries, and deployment targets
Enablement & Culture
• Champion 'shift‑left' security via playbooks, training, and standard toolchains
• Document security runbooks; contribute to SDLC harmonization standards
MUST‑HAVE QUALIFICATIONS
• Hands‑on expertise with GitLab Ultimate security features and CI/CD administration
• Proven experience embedding SAST/DAST/SCA into pipelines and gating releases on risk thresholds
• Direct exposure to SCA tools (e.g., Black Duck, Nexus Lifecycle/OSS Index, Snyk) and code quality (SonarQube)
• Strong scripting/automation (Python, Bash, YAML)
• Container & cloud security fundamentals (Docker/Kubernetes, registry hardening, image scanning, runtime policies)
• Threat modeling, risk assessment, and remediation planning
PREFERRED / NICE‑TO‑HAVE
• Certifications: DevSecOps Professional, CKS, Security+, or similar
• IaC security experience (Terraform + OPA/Conftest/Checkov)
• Supply‑chain security: SBOM practices and artifact signing (Cosign), familiarity with SLSA
• Familiarity with DORA metrics and security KPI reporting