Job description

About the Role:

We’re seeking an experienced Senior DevSecOps Engineer to help secure and optimize our cloud infrastructure and CI/CD environments. In this role, you’ll integrate security throughout the software development lifecycle, enabling fast, reliable, and compliant code delivery within a regulated medical technology environment.

Key Responsibilities:

• Design, implement, and secure cloud infrastructure using infrastructure-as-code (IaC) tools such as Terraform or CloudFormation.

• Embed security controls into CI/CD pipelines using tools like SonarQube, GitLab CI, and others.

• Automate security monitoring, vulnerability assessments, and audit logging across systems.

• Manage container security, identity and access management (IAM), secrets management, and encryption solutions.

• Partner with engineering teams to promote secure coding practices and proactive security reviews.

• Ensure infrastructure and processes remain compliant with frameworks such as ISO 27001, HIPAA, GDPR, and other relevant standards.

• Lead incident response efforts, conduct root cause analysis, and document outcomes.

• Facilitate internal security training sessions and contribute to the improvement of technical documentation.

Qualifications:

• Minimum 5 years of experience in DevOps or DevSecOps roles with a strong focus on cloud security.

• In-depth knowledge of AWS or Azure security services and architectures.

• Experience with CI/CD pipelines and scripting languages such as Python, Bash, or PowerShell.

• Familiarity with security frameworks, compliance standards, and secure coding practices.

• Hands-on experience managing container security (e.g., Docker, Kubernetes).

• Proficient with tools like AWS CloudTrail, GuardDuty, Secrets Manager, Vault, or similar.

• Strong analytical, troubleshooting, and incident response skills.

• Relevant security certifications (e.g., AWS Security, CISSP, OSCP) are a plus.

• Excellent English communication skills, both written and spoken.

• Comfortable working with distributed teams and overlapping schedules with colleagues in Pakistan and the United States.