Job Description
Nexus Technologies is seeking a proactive DevSecOps Engineer to drive the integration of security across the software development lifecycle. In this pivotal role, you will champion "Shift-Left" methodologies, ensuring that security is not an afterthought but a fundamental component of every pipeline. You will collaborate closely with development and operations teams to automate security compliance, manage cloud infrastructure securely, and mitigate vulnerabilities before deployment. We are looking for a detail-oriented professional who is passionate about building resilient, secure applications in a fast-paced environment.
As a DevSecOps Engineer, you will act as the bridge between development and security, implementing automated controls that reduce risk without sacrificing velocity. Your expertise will help Nexus maintain its reputation for delivering high-quality, compliant software solutions to our clients. You will have the opportunity to work with cutting-edge technologies and contribute to a culture of security-first innovation.
Responsibilities
- Design, implement, and maintain secure CI/CD pipelines integrating automated security testing and code scanning tools.
- Manage Infrastructure as Code (IaC) templates to ensure consistent and secure cloud provisioning.
- Conduct regular security assessments, threat modeling, and vulnerability scans to identify potential risks.
- Enforce security policies and compliance standards (e.g., ISO 27001, SOC 2) within the development environment.
- Respond to and remediate security incidents and alerts in real time.
- Collaborate with development teams to integrate secure coding practices into the agile workflow.
- Automate the deployment of security patches and updates across infrastructure.
Qualifications
- Bachelor's degree in Computer Science, Information Technology, or Cybersecurity.
- 3+ years of experience in DevSecOps, Cloud Security, or SRE roles.
- Strong proficiency in Linux, Docker, Kubernetes, and container orchestration.
- Experience with major cloud providers (AWS, Azure, or GCP) and their native security tools.
- Familiarity with security tools such as Snyk, SonarQube, or HashiCorp Vault.
- Experience with scripting languages (Python, Bash, or Go) for automation.
- Certifications such as CISSP, Security+, or AWS Security Specialty are a plus.