Description
About the Role
The role focuses on preventing security vulnerabilities across production, staging, and development environments. The Engineer will integrate security into CI/CD, enforce access controls, manage patching, and support audit compliance.
Required Skill Set And Experience
3+ years in DevSecOps, DevOps, or Security Engineering
Experience with .NET, SharePoint, SQL Server, and Python security
SAST/SCA tools: SonarQube, Snyk, Bandit, Safety, OWASP Dependency-Check
CI/CD: DevOps, GitHub or GitLab
Secrets management: AWS Key Vault or HashiCorp Vault
Scripting: Python, PowerShell, or Bash
Compliance frameworks: NIST, SOC2, or ISO 27001
Preferred Qualifications
- Certifications: DevSecOps Professional, CISSP, CEH, Security+, AWS Security Engineer
- Experience with MS SQL Server TDE, RLS, and dynamic data masking
- Experience with SharePoint PnP PowerShell automation
Key Responsibilities
- Integrate SAST/SCA/DAST tools into CI/CD pipelines
- Build secure pipelines (DevOps, GitHub/ GitLab)
- Ensure encrypted backups (AES-256) of SharePoint content databases
- Automate permission audits and external sharing reviews
- Implement TDE (Transparent Data Encryption) for production databases
- Enforce row-level security (RLS) and dynamic data masking
- Automate vulnerability assessments and encrypted Database backups
- Enforce MFA, RBAC, and quarterly access reviews for all accounts
- Maintain environment separation (prod/staging/dev) with no production data in non-prod
- Manage vulnerability
- Support CAB change management and enforce blackout windows
- Ensure encrypted backups (AES-256) with quarterly restoration tests
- Track EoSL dates for OS, apps, frameworks, and dependencies
- Prepare audit evidence and monthly security reports