Role Summary

We are seeking a highly experienced Senior DevSecOps Engineer to design, implement, and

operationalize secure CI/CD pipelines based on GitOps principles for a mission-critical system.

The role will focus on building enterprise-grade automation pipelines integrating automated

testing, software composition analysis (SCA), static/dynamic code scanning, SBOM generation,

HSM-based artifact signing, and Kubernetes-based deployment workflows.

The consultant will work closely with developers , Security, QA, and Infrastructure teams to

ensure secure, scalable, and compliant delivery pipelines aligned with industry best practices.

Scope of Work (SOW)

The consultancy shall provide a Senior DevSecOps Engineer responsible for delivering the

following:

• Advanced expertise in DevOps principles and secure SDLC

• Strong experience in Jenkins pipeline development

• Deep knowledge of GitOps workflows

• Hands-on experience integrating:

o Black Duck

o Checkmarx

o Coverity

o Trivy

• Experience generating SBOM using CycloneDX

• Experience integrating HSM-based artifact signing

• Strong Kubernetes experience (Helm, manifests, deployment automation)

• Advanced Linux/Unix administration

• Proficiency in scripting (Python, Bash, Go)

• Strong Git branching strategy experience

• Experience with automated testing frameworks

• Strong understanding of cybersecurity practices for secure communications

• Experience with container security and supply-chain security best practices