DevSecOps Engineer

About Parkar Digital:

Parkar Digital is a Hybrid-first company dedicated to hiring, retaining, and developing high-performing employees and teams with diverse backgrounds. We are a digital transformation and software engineering company headquartered in Atlanta, USA, and have our engineering teams across the US, India, and Latin America. Our solutions are powered by the Parkar platforms built using Cloud, Opensource, and Customer experience technologies. Parkar Digital offers an array of IT services across Cloud computing, Product development, Customer experience, Cybersecurity, and AI Engineering.

Parkar Digital, a Gold Certified Microsoft Azure partner, provides technology solutions for Digital Healthcare, Digital Retail & CPG. Our solutions are powered by the Parkar platforms built using Cloud, Opensource, and Customer experience technologies. Our goal is to empower a customer-first approach with digital technologies to deliver human-centric solutions for the clients.

For more info., Visit our website: https://parkar.digital/

LinkedIn - https://www.linkedin.com/company/parkar-digital

Job Title: DevSecOps Engineer (4-5 years’ experience)

Job Overview:

We are seeking a DevSecOps Engineer who plays a crucial role in ensuring the security of our software development and deployment processes. This role is responsible for integrating security practices into the entire software development lifecycle (SDLC) and collaborating with development, security, and operations teams to embed security into our applications and infrastructure.

Responsibilities:

• Collaborate with development and operations teams to integrate security practices into the CI/CD pipeline and automate security testing, monitoring, and compliance checks.
• Implement security controls and best practices for infrastructure as code (IaC) and configuration management tools to ensure secure deployment and management of infrastructure.
• Conduct security reviews and risk assessments of applications and infrastructure components to identify and mitigate security vulnerabilities and threats.
• Develop and maintain security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.
• Monitor and analyze security events and alerts using security information and event management (SIEM) solutions like ELK Stack or MS Sentinel to detect and respond to security incidents in real-time.
• Implement and manage security tools and technologies, such as vulnerability scanners (Tenable, Nessus) , intrusion detection/prevention systems (IDPS), and endpoint detection and response (EDR) solutions.
• Provide security guidance and support to development teams on secure coding practices, secure architecture design, and threat modeling.
• Participate in incident response activities, including investigation, containment, and remediation of security incidents, and contribute to post-incident reviews and lessons learned.
• Stay up to date with emerging security threats, vulnerabilities, and industry trends, and recommend security enhancements and improvements to mitigate risks.
• Manage and administer Windows and Linux lab environments, including system configuration, software installation, user account management, and security hardening (CIS Benchmarks).
• Implement and maintain security controls and best practices for Windows and Linux systems, including patch management, antivirus/antimalware deployment, and endpoint security configurations.
• Monitor system performance and troubleshoot issues related to Windows and Linux operating systems, network connectivity, and application dependencies.
• Implement and manage identity and access management (IAM) solutions for Windows and Linux environments, ensuring appropriate user access permissions and privilege management.
• Collaborate with development and operations teams to deploy, configure, and manage Windows and Linux servers and services in virtualized and cloud environments.
• Conduct regular security audits and vulnerability assessments of Windows and Linux systems and remediate identified security vulnerabilities and misconfigurations.

Requirements:

• Proven experience as a DevSecOps engineer or similar role, with a strong background in software development, operations, and security.
• Proficiency in scripting and programming languages (e.g., Python, Bash, PowerShell) and experience with automation tools and frameworks (e.g., Ansible, Terraform, Jenkins, GitLab CI/CD).
• Deep understanding of security principles, standards, and best practices, including secure coding practices, network security, identity, and access management (IAM), encryption, and authentication mechanisms.
• Hands-on experience with cloud platforms (e.g., AWS, Azure, GCP) and cloud security concepts, such as shared responsibility model, identity, and access management (IAM), and network security groups (NSGs).
• Familiarity with containerization technologies (e.g., Docker, Kubernetes) and container security best practices.
• Strong analytical and problem-solving skills, with the ability to analyze complex systems, identify security risks, and propose effective solutions.
• Excellent communication and collaboration skills, with the ability to effectively communicate security concepts and recommendations to technical and non-technical stakeholders.
• Proactive mindset with a continuous improvement mindset, and a passion for staying current with the latest security trends, tools, and techniques.
• Strong proficiency in administering Windows and Linux operating systems, including Windows Server, Red Hat Enterprise Linux (RHEL), and Ubuntu Server.
• Experience with system configuration management tools such as Ansible, Puppet, or Chef for automating configuration and deployment tasks across Windows and Linux environments.
• Knowledge of networking concepts and protocols, including TCP/IP, DNS, DHCP, and VPN, and experience with configuring network services and firewall rules on Windows and Linux systems.
• Familiarity with virtualization technologies such as VMware, Hyper-V, and KVM, and experience with managing virtual machines and containers in Windows and Linux environments.
• Bachelor’s degree in computer science, Information Security, or related field; relevant certifications (e.g., CISSP, CISM, CEH, AWS Certified Security – Specialty) preferred.

Qualification:

• Bachelor’s degree in computer science, Information Security, or related field; relevant certifications (e.g., CISSP, CISM, CEH, AWS Certified Security – Specialty) preferred.