DevSecOps Engineer

HCLTech is a global leader in technology and IT services, renowned for driving innovation and delivering transformative solutions across multiple industries. With a presence in over 50 countries and a workforce exceeding 200,000 professionals, HCLTech is committed to fostering an inclusive culture, empowering its employees, and leveraging technology to solve complex business challenges. Our dedication to excellence has consistently positioned us as an industry frontrunner and a trusted partner for clients worldwide.

To learn how we can supercharge progress for you, visit hcltech.com

Overview of the Role:

As a DevSecOps Engineer at HCLTech, you will play a pivotal role in integrating security practices within the software development and operations lifecycle. You will be responsible for designing, implementing, and maintaining secure CI/CD pipelines, safeguarding cloud and hybrid environments, and ensuring compliance with industry standards. This role is crucial to advancing HCLTech’s mission of delivering secure, scalable, and innovative technology solutions to regulated industries, including healthcare and medical devices.

Detailed Responsibilities:

• Design, develop, and implement robust DevSecOps solutions to automate security across CI/CD pipelines and software delivery processes.
• Collaborate with development, operations, and security teams to embed security controls and best practices throughout the application lifecycle.
• Conduct risk assessments, vulnerability management, and security reviews for cloud and hybrid infrastructures.
• Ensure compliance with industry security frameworks such as NIST, ISO 27001, and manage ongoing risk and security governance.
• Lead and support security automation initiatives, integrating DevOps tools and technologies to enhance security posture.
• Engage with internal and external stakeholders, including technical teams and senior leadership, to communicate security risks, mitigation strategies, and project progress.
• Perform security assessments for vendors and third-party applications, manage vendor security relationships, and drive third-party risk mitigation.
• Participate in incident response and root cause analysis, providing expert guidance on security remediation.
• Document and report on security metrics, compliance status, and improvement initiatives.

Skill Requirements:

• Minimum 5 years of experience in DevSecOps, Cloud Security, or Application Security roles.
• Proven hands-on expertise with CI/CD pipelines, DevOps tools (such as Jenkins, Git, Docker, Kubernetes), and security automation practices.
• Deep understanding of industry security standards and frameworks: NIST, ISO 27001, risk management, and governance.
• Demonstrated experience securing cloud (AWS, Azure, GCP) and hybrid environments.
• Strong communication and stakeholder management skills, both technical and non-technical.
• Relevant certifications such as CISSP, CISM, CKS, CCSP, AWS/Azure Security, or equivalent.
• Experience in regulated industries, specifically healthcare or medical device sectors.

Nice to have:

• Exposure to vendor security management and third-party risk assessment methodologies.
• Experience with security operations, incident response, and forensic investigation.
• Familiarity with regulatory compliance requirements (HIPAA, FDA, GDPR).
• Knowledge of infrastructure as code (IaC) and related security practices.

What we offer:

• Life insurance
• Private medical care
• MultiSport Card
• Subsidies for glasses
• Subsidies for language courses
• Christmas and holiday bonuses