Interesting Job Opportunity: DevSecOps Engineer - Cloud Security

Job Description

Job Description : DevSecOps Engineer Location : Bangalore Position Type : Full-time Work Experience : 2-5 Years Position Overview We are looking for a DevSecOps Engineer (2-5 years experience) to join our engineering team at Belong. The role involves embedding security into our cloud-native infrastructure, CI/CD pipelines, and application lifecycle. You will work closely with our DevOps, backend, frontend, and compliance teams to ensure that our systems are secure, compliant with ISO 27001 and IFSCA regulations, and resilient against emerging threats. Key Responsibilities Design and implement security controls across AWS (IAM, KMS, GuardDuty, Security Hub, Secrets Manager). Manage infrastructure as code (Terraform) with a focus on secure provisioning. Strengthen security in EKS clusters - network policies, RBAC, pod security, container image scanning. Integrate SAST, DAST, and dependency scanning tools into Bitbucket pipelines. Collaborate with developers to enforce secure coding practices in Python (FastAPI), Node.js (Next.js) and golang. Manage secrets and sensitive data flows (aligning with centralized PII architecture). Monitor and respond to incidents using Wazuh SIEM, Prometheus, Grafana, ClickHouse, and Signoz. Support compliance initiatives (ISO 27001 audits, IFSCA/RBI IT & Cybersecurity guidelines). Perform threat modeling, vulnerability assessments, and penetration testing support. Maintain documentation (Confluence runbooks, security playbooks, architecture diagrams). Qualifications : : 2-5 years of experience in DevOps / Cloud Security / DevSecOps roles. Technical Skills Strong knowledge of AWS security services (IAM, KMS, GuardDuty, Security Hub). Hands-on with Terraform and GitOps tools (ArgoCD, Helm). Proficient in Docker, Kubernetes (EKS), and container security practices. Experience with CI/CD pipeline security - SAST/DAST integration, dependency scanning. Understanding of TLS, OAuth2/JWT, API security (OWASP API Top 10). Familiarity with ISO 27001 controls, incident response, and vulnerability management. Working knowledge of at least one programming/scripting language (Python/Node/Bash). Excellent communication and documentation skills. Soft Skills Strong problem-solving abilities and attention to detail. Excellent communication and collaboration skills. Ability to work in a fast-paced, dynamic environment. (ref:hirist.tech)