Overview
We are seeking an experienced DevSecOps Engineer with a strong background in ecommerce environments to help design, implement, and maintain secure, scalable, and highly available CI/CD pipelines and cloud infrastructure. This role will work closely with development, security, and operations teams to embed security throughout the software development lifecycle while supporting high-traffic, revenue-generating platforms.
The ideal candidate understands the unique challenges of ecommerce systems, including payment security, high availability, rapid release cycles, and regulatory compliance.
Key Responsibilities
- Design, implement, and maintain secure CI/CD pipelines for ecommerce applications.
- Embed security controls and automated testing (SAST, DAST, SCA, IaC scanning) into the SDLC.
- Support cloud-based ecommerce platforms with a focus on scalability, availability, and performance.
- Implement and manage infrastructure as code (IaC) using tools such as Terraform, CloudFormation, or ARM.
- Collaborate with development teams to securely deploy and maintain ecommerce applications and APIs.
- Ensure secure handling of payment systems, customer data, and integrations with third-party vendors.
- Monitor, detect, and respond to security events within production and non-production environments.
- Implement and maintain secrets management, certificate management, and key rotation.
- Support compliance efforts related to PCI DSS, SOC 2, ISO 27001, or similar frameworks.
- Perform threat modeling and risk assessments for new ecommerce features and integrations.
- Improve system reliability through automation, monitoring, and incident response practices.
- Participate in on-call rotations and support production releases as needed.
