DevSecOps Engineer

DevSecOps Engineer

BNI Global is seeking a skilled DevSecOps Engineer to integrate security across the software development and delivery lifecycle. You will ensure applications, infrastructure, and pipelines are secure by design, working closely with engineering, platform, and cloud teams. This role requires strong technical capability, understanding of cloud-native architectures, and the ability to apply security best practices without hindering delivery.

Job Responsibilities:

Security Engineering & Secure Development

• Apply security best practices to address common vulnerabilities, including OWASP Top 10 risks.
• Participate in threat modeling discussions to identify attack vectors and mitigate risks early in the design phase.
• Review application code for security vulnerabilities and enforce secure coding standards across development teams.

CI/CD & DevSecOps Integration

• Integrate SAST, DAST, and SCA tools into CI/CD pipelines.
• Tune security tools, minimize false positives, and support automated remediation where feasible.
• Design and maintain secure CI/CD pipelines with appropriate security gates and controls.
• Automate security scans and contribute to reusable security automation frameworks.

Container & Kubernetes Security

• Enforce secure base image standards and harden container configurations.
• Implement runtime container security controls (e.g., Falco or equivalent tools).
• Apply Kubernetes security best practices including RBAC, network policies, and Pod Security standards.

Cloud & Infrastructure security (AWS)

• Implement least-privilege access models using IAM roles and policies.
• Configure secure networking controls including security groups, NACLs, and zero-trust principles.
• Support secure cloud architecture through policy enforcement and continuous monitoring.

Secrets, Identity & Access Management

• Implement centralized secrets management using tools such as AWS Secrets Manager or HashiCorp Vault.
• Enforce secrets rotation policies and access controls.
• Apply Role‑Based Access Control (RBAC) across platforms and services.

Vulnerability Management & Compliance

• Monitor, prioritize, and track vulnerabilities across applications and infrastructure.
• Define and support SLAs for vulnerability remediation.
• Implement audit logging and support compliance and internal audit requirements.

Monitoring, Detection & Incident Response

• Monitor logs and security telemetry for anomalous or suspicious activity.
• Implement and support SIEM solutions and security dashboards.
• Assist in handling security incidents, including basic incident response and root‑cause analysis.

Data & Network Security

• Apply data security controls including encryption in transit (TLS) and at rest.
• Support secure data handling and protection designs across systems.
• Assist in designing and maintaining secure network architectures.

Any additional duties needed to help demonstrate our core values, drive our vision, and fulfill our mission.

Competencies:

• Accountability & Integrity
• Communication
• Analytical Thinking
• Initiative
• Interpersonal Skills
• Problem Solving
• Self-Management
• Teamwork
• Technical Proficiency

Qualifications:

• Business-level English proficiency.
• 2–5 years of experience in DevSecOps, Application Security, Cloud Security, or a related role.
• Bachelor’s degree in Computer Science, Information Technology, Engineering, or a related technical field.
• Strong understanding of application and infrastructure security fundamentals.
• Hands‑on experience with: SAST, DAST, and SCA tools; CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins); Containers and Kubernetes security; AWS security services and IAM.
• Experience with secrets management and secure configuration practices.
• Working knowledge of monitoring, logging, and security observability tools.
• Ability to automate repetitive security tasks using scripts or pipelines.
• Strong problem‑solving skills and the ability to collaborate with cross‑functional teams.

Preferred Qualifications:

• Experience with runtime security tools (e.g., Falco).
• Exposure to SIEM platforms and incident response processes.
• Familiarity with compliance standards and audit preparation.
• Experience working in cloud‑native, microservices‑based environments.

Key skills/competency:

• DevSecOps
• Application Security
• Cloud Security
• Kubernetes Security
• CI/CD Pipelines
• AWS Security
• Vulnerability Management
• SAST DAST SCA
• Secure Coding
• Incident Response