DevSecOps Engineer Profile

Role Summary:

The DevSecOps Engineer will provide operational, security, and quality assurance expertise

for a diverse ecosystem of Continuous Integration and Continuous Deployment (CI/CD)

tools. This includes troubleshooting user issues, embedding automated security controls, integrating quality gates, and maintaining stable and compliant CI/CD operations across the platform. The engineer will also support Kubernetes, SonarQube, Nexus, and Harbor environments, contributing to a secure, automated, and reliable software delivery framework.

Key Responsibilities:

• User Support and Issue Resolution

• Act as the primary point of contact for users needing assistance with CI/CD tools.

• Troubleshoot issues across Jira, Confluence, GitHub, Harbor, Nexus, Keycloak, and

SonarQube.

• Provide timely and effective solutions for platform-related problems, ensuring high

user satisfaction.

• Platform Configuration and Maintenance

• Configure and maintain GitHub, Nexus, Keycloak, and SonarQube instances to align

with organizational standards.

• Oversee secure management of artifact and container registries (Nexus and Harbor).

• Support deployments and maintain configurations to ensure continuous availability.

• Pipeline Automation and Security Integration

• Develop, enhance, and migrate CI/CD pipelines using GitHub Actions and related

tooling.

• Integrate automated quality and security gates (SonarQube, dependency scanning,

container scanning).

• Embed DevSecOps practices ensuring early detection and remediation of vulnerabilities in the delivery chain.

• Automation and Scripting

• Develop automation scripts to streamline platform maintenance, compliance checks,

and CI/CD setup.

• Use scripting languages (e.g., Python, Bash) to support automation and operational

efficiency.

• Governance, Security, and Compliance

• Maintain security configurations in Keycloak for authentication and authorization.

• Apply CI/CD security best practices including secrets management, least privilege access, and vulnerability scanning.

• Ensure that all CI/CD processes include automated checks for security, code quality,

test coverage, and dependency risks.

Required Skills and Qualifications:

- Proven experience in DevOps or DevSecOps engineering roles with strong knowledge of

CI/CD tools (GitHub Actions, Bamboo, Bitbucket, Jenkins, or similar).

- Experience with containerization and orchestration (Docker, Kubernetes).

- Solid experience with artifact and image management using Nexus and Harbor.

- Familiarity with code quality and security analysis tools such as SonarQube, OWASP dependency-check, or Trivy.

- Proficiency in scripting (Python, Bash) and automation frameworks.

- Strong understanding of IAM, Keycloak, or other SSO/OIDC-based authentication systems.

- Ability to troubleshoot across the full CI/CD stack, from SCM to build, test, and deploy.

- Familiarity with Infrastructure as Code (Terraform, Ansible) is an asset.

- AWS knowledge (EC2, S3, IAM) is an advantage.

Preferred Profile:

- Experience embedding automated quality and security gates into CI/CD pipelines.

- Background in platform operations, DevSecOps governance, or CI/CD migration projects.

- Analytical mindset with strong problem-solving and documentation skills.

- Excellent communication skills and collaborative working style.

This position is ideal for engineers passionate about secure automation, quality-driven delivery, and operational excellence in a modern DevSecOps environment