We are looking for a hands-on Senior DevSecOps Engineer dedicated to closing security gaps across the Azure cloud environment. In this technical position, you will concentrate on vulnerability remediation, AKS hardening, and network isolation through private connectivity and automated pipelines to reinforce our overall cloud security posture.
Responsibilities
- Address security recommendations within Microsoft Defender for Cloud and apply technical fixes (patching, config changes, policy deployments) to raise the Azure Secure Score
- Strengthen Azure Kubernetes Service (AKS) clusters by applying CIS Benchmarks
- Deploy Kubernetes Network Policies to limit pod-to-pod communication
- Enforce identity security through Managed Identities, OIDC, and Entra ID integration
- Maintain and remediate Kubernetes YAML manifests, making sure Pod Security Standards (PSS) and resource limits are applied
- Protect Azure Container Registry (ACR) by configuring Private Endpoints, disabling public access, and handling image signing via Content Trust
- Configure lifecycle policies that automatically purge vulnerable or outdated container images
- Integrate security scanning (SAST/SCA) into Azure DevOps CI/CD pipelines
- Use Infrastructure as Code (Terraform, Bicep, or ARM) to automate the rollout of secure network patterns and NSG rules
- Administer Network Security Groups (NSGs) and Application Security Groups (ASGs) following the principle of least privilege
- Roll out and manage Azure Private Link and Private Endpoints so PaaS services (SQL, Storage, Key Vault, Cosmos DB) remain off the public internet
- Resolve "Public Access Enabled" alerts by shifting resources to private networking backbones
Requirements
- 4+ years of experience with the Azure Cloud Platform
- Proficiency in Microsoft Defender for Cloud, Azure WAF, and Azure Key Vault
- Expertise in Azure Pipelines and ACR Management, including integrating automated security gates (SAST/SCA/IaC Scanning) into Azure DevOps CI/CD pipelines
- Hands-on background in AKS and ACR security
- Strong skills in PowerShell or Azure CLI for bulk remediation tasks
- Understanding of VNet Peering, NSG/UDR configuration, and Private Endpoint implementation
- Capability to author and remediate Terraform or Bicep code
- English proficiency at a B2 level to support clear communication and documentation
Nice to have
- Certifications: AZ-500 (Azure Security Engineer Associate) and AZ-400 (Azure DevOps Engineer)