Devsecops Lead (Remote)

Position Type: Full-Time

About the Role:

We are seeking an experienced and security-focused DevSecOps Lead to join our team. This role is pivotal in ensuring the seamless integration of security into all stages of our DevOps pipeline, with a particular focus on Google Cloud Platform (GCP) and Amazon Web Services (AWS) environments. The ideal candidate will prioritize security while driving operational efficiency, automation, and scalability.

The DevSecOps Lead will be responsible for collaborating with cross-functional teams, defining security strategies, and embedding security practices into our infrastructure and applications, while maintaining a deep focus on cloud security best practices and governance.

Key Responsibilities:

• Security Leadership: Drive the adoption of security-first principles in DevOps processes, ensuring robust security postures in GCP and AWS environments.
• Cloud Security Architecture: Design, implement, and maintain secure cloud architectures, ensuring adherence to the latest security best practices and industry standards for both GCP and AWS.
• Infrastructure as Code (IaC): Develop and manage secure IaC deployments using tools like Terraform, CloudFormation, or GCP Deployment Manager.
• Automation & Monitoring: Lead initiatives to automate security processes, including vulnerability scanning, compliance monitoring, and incident response.
• CI/CD Pipeline Security: Integrate security controls into CI/CD pipelines, ensuring seamless delivery without compromising security standards.
• Governance & Compliance: Ensure cloud environments comply with security policies, frameworks (e.g., CIS, NIST, SOC2), and industry regulations, implementing necessary audits and compliance measures.
• Incident Response & Threat Detection: Develop and manage cloud security incident response plans, perform threat detection, and lead mitigation efforts.
• Collaboration & Mentorship: Work closely with DevOps, engineering, and security teams to promote a culture of security and provide training and mentorship on secure DevOps practices.
• Vulnerability Management: Identify, assess, and prioritize cloud security risks, leading the effort to remediate vulnerabilities across all layers of the stack.

Required Qualifications:

• 5+ years of experience in DevOps, DevSecOps, or Cloud Security, with a strong focus on GCP and AWS.
• Deep understanding of cloud security architecture and best practices for both GCP and AWS environments.
• Expertise in Infrastructure as Code (IaC), security automation, and cloud configuration management.
• Hands-on experience with CI/CD pipelines, integrating security checks such as static and dynamic analysis tools.
• Strong understanding of network security, IAM policies, and cloud governance principles in multi-cloud environments.
• Proven ability to implement and manage cloud security monitoring, alerting, and incident response systems.
• Knowledge of container security (Kubernetes, Docker) and experience in securing microservices architectures.
• Experience with security compliance frameworks (CIS, NIST, SOC2, etc.) and managing audits in cloud environments.
• Experience with cloud security tools such as AWS Security Hub, GCP Security Command Center, or third-party security platforms.

Preferred Qualifications:

• GCP Professional Cloud Security Engineer and/or AWS Certified Security – Specialty certification.
• Proficiency with Terraform, Ansible, Puppet, or other infrastructure automation tools.
• Strong experience with SAST, DAST, and other vulnerability scanning tools.
• Knowledge of DevOps tools like Jenkins, GitLab, and CircleCI.
• Experience in cloud incident management and forensic investigations.
• Strong scripting and automation skills in languages such as Python, Go, or Bash.

What We Offer:

• Competitive salary and benefits package
• Opportunity to work with cutting-edge cloud security technologies
• Flexible, remote work environment with a focus on work-life balance
• Continuous learning and professional development opportunities

If you’re passionate about cloud security and eager to drive security-first DevSecOps practices in a dynamic, innovative environment, we want to hear from you!