[Remote] Senior Cyber Security Engineer (DevSecOps & Cloud Security)
Note: The job is a remote job and is open to candidates in USA. NAM Info Inc is seeking an experienced Senior Cyber Security Engineer to lead enterprise cloud security and DevSecOps initiatives. The ideal candidate should have strong expertise in AWS cloud security and will be responsible for designing secure cloud infrastructure, implementing DevSecOps practices, and ensuring compliance with security standards.
Responsibilities
- Design and secure AWS cloud infrastructure and cloud-native applications
- Implement DevSecOps practices across CI/CD pipelines
- Build and manage secure Infrastructure as Code (Terraform)
- Automate security processes using Python and scripting
- Secure Kubernetes (EKS), Docker containers, APIs, and microservices
- Integrate SAST, DAST, SCA, IaC scanning, container image scanning, and secrets scanning into CI/CD pipelines
- Perform vulnerability assessments, security hardening, risk assessments, and incident response
- Implement IAM, encryption, KMS, Secrets Manager, WAF, GuardDuty, Security Hub, Inspector, Macie, AWS Config, CloudTrail, and CloudWatch
- Collaborate with Engineering, DevOps, Cloud, and Compliance teams to implement Secure SDLC and cloud security best practices
- Ensure compliance with ISO 27001, SOC 2, PCI DSS, CIS Benchmarks, and NIST standards
Skills
- 10–14+ Years of experience
- Strong expertise in AWS cloud security
- DevSecOps expertise
- CI/CD security knowledge
- Infrastructure as Code (Terraform) experience
- Python automation skills
- Kubernetes knowledge
- Container security experience
- Vulnerability management skills
- Security compliance knowledge
- Design and secure AWS cloud infrastructure and cloud-native applications
- Implement DevSecOps practices across CI/CD pipelines
- Build and manage secure Infrastructure as Code (Terraform)
- Automate security processes using Python and scripting
- Secure Kubernetes (EKS), Docker containers, APIs, and microservices
- Integrate SAST, DAST, SCA, IaC scanning, container image scanning, and secrets scanning into CI/CD pipelines
- Perform vulnerability assessments, security hardening, risk assessments, and incident response
- Implement IAM, encryption, KMS, Secrets Manager, WAF, GuardDuty, Security Hub, Inspector, Macie, AWS Config, CloudTrail, and CloudWatch
- Collaborate with Engineering, DevOps, Cloud, and Compliance teams to implement Secure SDLC and cloud security best practices
- Ensure compliance with ISO 27001, SOC 2, PCI DSS, CIS Benchmarks, and NIST standards
- Bachelor's or Master's degree in Computer Science, Information Security, or a related field
- 10–14+ years of experience in Cyber Security, Cloud Security, DevSecOps, or Infrastructure Security
- Strong hands-on experience with AWS, Terraform, Python, Kubernetes, CI/CD security, cloud security architecture, and enterprise security best practices
- Cloud: AWS (EC2, VPC, IAM, S3, RDS, EKS, ECS, Lambda, API Gateway, CloudFront, Route 53, CloudTrail, CloudWatch, Security Hub, GuardDuty, Inspector, Macie, AWS Config, WAF, Shield, KMS, Secrets Manager)
- DevSecOps & CI/CD: Jenkins, GitHub Actions, GitLab CI/CD, Azure DevOps, SonarQube, Snyk, Checkmarx, Veracode, OWASP Dependency-Check
- Infrastructure as Code: Terraform, Terragrunt, Checkov, tfsec, Terrascan
- Containers & Orchestration: Docker, Kubernetes, Amazon EKS, Helm
- Programming: Python, Bash, Shell Scripting
- Security: SIEM (Splunk, Microsoft Sentinel, QRadar), CSPM (Prisma Cloud, Wiz), Qualys, Nessus, Trivy, API Security, Zero Trust, Secrets Management, Secure SDLC, Threat Modeling
- Version Control: Git, GitHub, GitLab, Bitbucket
- Relevant certifications such as AWS Certified Security – Specialty, CISSP, CCSP, CKS, CKA, or HashiCorp Terraform Associate
Company Overview
Company H1B Sponsorship