DevSecOps Engineer

Job Description:
We are seeking a skilled and experienced DevSecOps Engineer with a strong specialization in Google Cloud
Platform (GCP) to join our dynamic team. In this role, you will play a pivotal role in ensuring the security and
integrity of our software development processes on GCP. Your expertise in GCP, Rego policies, and Terraform will
be instrumental in building a secure and efficient development pipeline.
Responsibilities:

• Develop, implement, and maintain Rego policies to enforce security controls and compliance standards
  within our GCP infrastructure and applications.
• Collaborate with development and operations teams to integrate security into the GCP-focused CI/CD
  pipeline, ensuring security checks and scans are automated and seamlessly incorporated.
• Leverage your GCP expertise to architect and implement secure microservices and containerized
  applications, ensuring compliance with GCP security best practices.
• Design and implement infrastructure-as-code (IaC) using Terraform to define and manage GCP resources
  securely and efficiently.
• Perform thorough security assessments on GCP environments, utilizing GCP-specific security tools and
  technologies, to identify and address potential vulnerabilities.
• Conduct threat modeling and risk assessments for GCP deployments, designing effective security solutions
  tailored to GCP services.
• Collaborate with cross-functional teams to respond to GCP-specific security incidents promptly, conduct
  root cause analysis, and implement corrective actions.
• Stay current with GCP advancements, industry security trends, and best practices, sharing knowledge and
  insights with team members.
• Drive a culture of security awareness specific to GCP environments, ensuring security considerations are
  integrated throughout development.
  Requirements:
• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
• Proven experience as a DevSecOps Engineer with a strong focus on GCP
• Expertise in Rego policies and policy-as-code practices especially with implementation in GCP
• In-depth understanding of GCP services, security controls, and best practices.
• Proficiency in using GCP-specific security tools, vulnerability scanners, and penetration testing tools.
• Strong experience with infrastructure-as-code (IaC) using Terraform for GCP resource provisioning and
  management.
• Familiarity with CI/CD pipelines and automation tools (e.g., Jenkins, GitLab CI/CD) with GCP integrations.
• Solid knowledge of GCP security frameworks, standards, and compliance requirements.
• Strong understanding of container security in GCP and experience securing microservices.
• Excellent communication and collaboration skills, with a proven ability to work effectively in crossfunctional
  teams.
• Relevant GCP certifications such as Google Professional DevOps Engineer, Google Professional Cloud
  Security Engineer, or similar certifications are highly advantageous.
  If you’re enthusiastic about combining your GCP expertise, Rego policies knowledge, and Terraform skills to shape
  a secure GCP development environment, we invite you to join our team and drive our GCP-focused software
  security initiatives forward.