DevSecOps Engineer

Job Title: DevSecOps Engineer

Location: Karachi or Islamabad(on-site), other cities remote

Shift Timings: 9 am to 6 pm

Arpatech (Pvt) Ltd is looking for a DevSecOps/AppSec specialist with 3-4 years of experience to integrate security into our software lifecycle. You will bridge the gap between development, operations, and security to build resilient cloud-native applications.

Core Responsibilities

1. CI/CD Integration: Embed security controls and automated gates into Jenkins pipelines.

2. Security Testing: Design and execute SAST, DAST, and SCA (Software Composition Analysis) to identify vulnerabilities early.

3. Code & Architecture Review: Perform deep-dive manual source code reviews and security assessments.

4. Infrastructure Security: Secure Docker/Kubernetes environments and cloud platforms (AWS/Azure).

5. Remediation & Guidance: Partner with developers to implement secure coding practices (OWASP Top 10) and patch vulnerabilities.

6. Automation: Build custom security tooling and frameworks using Python or Bash.

Technical Requirements

- Experience: 3-4 years in DevSecOps or Application Security.

- Tools: Jenkins, Git, Docker, Kubernetes, and Cloud (AWS or Azure).

- Knowledge: Expertise in the OWASP Top 10, secure configuration management, and application hardening.

- Testing: Proficiency in security testing methodologies and automated scanning tools.

- Education: Bachelor’s degree in Computer Science or a related field.

- Bonus: Certifications like OSCP, OSWE, or AWS Certified Security are highly preferred.

Soft Skills

- Strong analytical and problem-solving mindset.

- Excellent communication skills for cross-functional collaboration.

- Proactive approach to staying ahead of emerging security trends.

Work Location: Remote