DevSecops Engineer

Overview

We are seeking an experienced DevSecOps Engineer with a strong background in ecommerce environments to help design, implement, and maintain secure, scalable, and highly available CI/CD pipelines and cloud infrastructure. This role will work closely with development, security, and operations teams to embed security throughout the software development lifecycle while supporting high-traffic, revenue-generating platforms.

The ideal candidate understands the unique challenges of ecommerce systems, including payment security, high availability, rapid release cycles, and regulatory compliance.

Key Responsibilities

• Design, implement, and maintain secure CI/CD pipelines for ecommerce applications.
• Embed security controls and automated testing (SAST, DAST, SCA, IaC scanning) into the SDLC.
• Support cloud-based ecommerce platforms with a focus on scalability, availability, and performance.
• Implement and manage infrastructure as code (IaC) using tools such as Terraform, CloudFormation, or ARM.
• Collaborate with development teams to securely deploy and maintain ecommerce applications and APIs.
• Ensure secure handling of payment systems, customer data, and integrations with third-party vendors.
• Monitor, detect, and respond to security events within production and non-production environments.
• Implement and maintain secrets management, certificate management, and key rotation.
• Support compliance efforts related to PCI DSS, SOC 2, ISO 27001, or similar frameworks.
• Perform threat modeling and risk assessments for new ecommerce features and integrations.
• Improve system reliability through automation, monitoring, and incident response practices.
• Participate in on-call rotations and support production releases as needed.

• 5+ years of experience in DevOps or DevSecOps roles.
• Hands-on experience supporting ecommerce platforms, including Swell, Shopify, Magento, BigCommerce, or custom ecommerce solutions.
• Integrate and manage Cloudflare services (WAF, CDN, DDoS protection, Zero Trust access, bot management) to protect and optimize ecommerce applications
• Strong experience with CI/CD tools (GitHub Actions, GitLab CI, Jenkins, Azure DevOps, etc.).
• Experience securing cloud environments (AWS, Azure, and/or GCP).
• Solid understanding of web application security and OWASP Top 10.
• Experience with containerization and orchestration (Docker, Kubernetes).
• Familiarity with SAST, DAST, and dependency scanning tools (e.g., Snyk, Checkmarx, Veracode).
• Strong scripting skills (Bash, Python, or similar).
• Experience with monitoring and logging tools (Prometheus, Grafana, ELK/Elastic, Datadog).
• Understanding of PCI DSS requirements and secure payment processing workflows.