Job Description
DevSecOps Engineer
Employment Type:
Full-Time |
Work Location:
Onsite / Hybrid |
Experience:
4-5+ Years
About the Role
We are looking for an experienced DevSecOps Engineer to join our engineering team. You will design, build, and maintain our cloud infrastructure on AWS, drive container-based workloads on Amazon ECS, and embed security practices across the entire software delivery lifecycle. You will collaborate with development, QA, and product teams to deliver reliable, scalable, and secure systems while continuously improving deployment velocity and platform resilience.
Security is a first-class concern in this role. You will champion DevSecOps principles across the team — integrating OWASP Top 10 awareness, SAST/DAST tooling, secrets management, and vulnerability scanning directly into CI/CD pipelines. You will work to ensure that security controls are automated, auditable, and built into every stage of the SDLC rather than bolted on after the fact.
Key Responsibilities
Cloud Infrastructure \& Container Orchestration (Amazon ECS)
•
Contribute to AWS cloud migration and modernisation initiatives, transitioning workloads to container-native architectures on Amazon ECS.
•
Design and manage ECS clusters, task definitions, services, and capacity providers (EC2 and Fargate launch types).
•
Configure and maintain Application Load Balancers (ALB) and Network Load Balancers (NLB), target groups, and listener rules.
•
Manage Amazon ECR repositories, image lifecycle policies, and container image security scanning.
•
Administer VPC networking: subnets, route tables, security groups, NAT gateways, VPC peering, and PrivateLink endpoints.
•
Manage EC2 instances, Auto Scaling groups, and launch templates for high availability and cost-efficiency.
•
Administer Amazon RDS instances (PostgreSQL/MySQL): provisioning, parameter groups, backup policies, read replicas, and failover.
Infrastructure as Code - Terraform
•
Author and maintain reusable Terraform modules covering ECS, EC2, RDS, VPC, IAM, CloudWatch, ALB/NLB, and Auto Scaling.
•
Implement remote state management with S3 backends and DynamoDB state locking.
•
Enforce environment-based deployment patterns (dev/staging/production) using Terraform workspaces or directory structures.
•
Conduct Terraform plan reviews and enforce code standards through peer review and automated policy checks.
•
Version, test, and publish reusable Terraform modules for consumption across multiple product teams.
CI/CD Pipelines \& Deployment Automation
•
Design, build, and maintain CI/CD pipelines using Jenkins, GitHub Actions, GitLab CI/CD, and AWS CodePipeline/CodeBuild.
•
Automate Docker image builds, tagging, vulnerability scanning, and pushes to Amazon ECR.
•
Implement blue-green and rolling deployment strategies for zero-downtime releases on ECS.
•
Integrate automated testing, SAST/DAST scanning, and compliance gates into delivery pipelines.
•
Manage pipeline secrets and environment configuration via AWS Secrets Manager and Systems Manager Parameter Store.
Security, IAM \& Compliance
•
Design and enforce least-privilege IAM policies, roles, and permission boundaries for all AWS workloads.
•
Embed DevSecOps practices: secrets management, image scanning, infrastructure policy enforcement, and audit logging.
•
Monitor and remediate findings from AWS Security Hub, GuardDuty, and container image scanners.
•
Ensure RDS encryption at rest and in transit, automated snapshots, and documented disaster recovery procedures.
•
Maintain network security controls: security groups, NACLs, and AWS WAF rules.
•
Apply and promote security best practices aligned with the OWASP Top 10, ensuring common vulnerabilities (injection, broken authentication, SSRF, etc.) are addressed in CI/CD gates and deployment configurations.
•
Integrate SAST/DAST tooling and dependency scanning into pipelines to detect and remediate vulnerabilities early in the SDLC.
Monitoring, Alerting \& Observability
•
Build and maintain CloudWatch dashboards, metric alarms, log groups, Logs Insights queries, and synthetic monitors.
•
Configure and manage New Relic and/or Grafana + Prometheus stacks for APM and infrastructure observability.
•
Define SLOs, SLIs, and error budgets; proactively identify and resolve reliability risks.
•
Set up structured logging pipelines and centralised log aggregation for all ECS services.
•
Author runbooks and on-call playbooks to support incident response and post-mortem processes.
Cost Optimisation
•
Continuously analyse AWS Cost Explorer and utilisation data to surface optimisation opportunities.
•
Right-size ECS task CPU/memory, EC2 instance types, and RDS instance classes based on real usage metrics.
•
Implement Savings Plans, Reserved Instances, and Spot strategies where applicable.
•
Establish tagging standards and cost allocation reports for per-team/per-service financial visibility.
•
Automate idle resource detection and enforce scheduled scaling policies to reduce waste.
Requirements
Must-Have
•
4-5+ years of hands-on experience in a DevOps or DevSecOps engineering role.
•
Strong proficiency with core AWS services: ECS, EC2, ECR, ALB/NLB, VPC, IAM, RDS, CloudWatch, and Auto Scaling.
•
Deep expertise in Terraform: reusable modules, remote state management, and multi-environment deployments.
•
Solid experience with Docker: optimised Dockerfiles, multi-stage builds, and image lifecycle management.
•
Proven experience building CI/CD pipelines with at least two of: Jenkins, GitHub Actions, GitLab CI/CD, AWS CodePipeline/CodeBuild.
•
Hands-on experience implementing blue-green and rolling deployments for containerised applications on ECS.
•
Proficiency in Linux system administration and Bash scripting; Python scripting is a plus.
•
Experience managing Amazon RDS (provisioning, backups, parameter tuning, failover, encryption).
•
Sound understanding of AWS networking: VPC architecture, subnets, security groups, NACLs, and route tables.
•
Hands-on experience with Amazon CloudWatch for monitoring, alerting, and log analysis.
•
Working experience with at least one APM/observability platform: New Relic, Grafana, or Prometheus.
•
Strong IAM knowledge: least-privilege roles, permission boundaries, and cross-account access patterns.
- •
Demonstrated AWS cost optimisation skills (rightsizing, Savings Plans, tagging and allocation reporting).