Senior DevSecOps Engineer

Pipeline Security & Automation 

Design, implement, and maintain security testing tools within our CI/CD pipelines (GitLab CI).

Review and tune our Mend.io deployment : SAST (Static Application Security Testing), DAST (Dynamic AST), and SCA (Software Composition Analysis) tools to catch vulnerabilities before deployment.

Ensure "fail-fast" mechanisms are in place so developers receive immediate feedback on security regressions.

Threat Modeling & Architecture

Lead Threat Modeling workshops with engineering teams during the design phase of new features.

Advocate for "Security by Design" principles, helping developers understand potential attack vectors and mitigation strategies.

Review Infrastructure as Code (Terraform) templates to ensure secure cloud provisioning.

SIEM & Observability

Review and optimize the current SIEM (Security Information and Event Management) implementation.

Evaluate log ingestion strategies to ensure we are capturing the right data without noise.

Develop and refine correlation rules and alerts to detect anomalies, intrusions, or policy violations effectively.

Culture & Compliance

Act as a subject matter expert for developers, providing guidance on remediation of security findings.

Assist in maintaining compliance with industry standards (e.g., SOC2, ISO 27001, GDPR) through automated controls and evidence gathering