Secure Site Reliability Engineer

Zenus Bank
Río Piedras, PR
Hybrid

About The Position

The Security Site Reliability Engineer (SSRE) is responsible for ensuring the reliability, consistency, and continuous execution of security controls across CI/CD pipelines and cloud delivery workflows. Operating within the SecOps domain and reporting to the Information Security Officer (ISO), the SSRE focuses on automating security controls, enforcing policy-as-code, and guaranteeing that security validations always execute as designed throughout the delivery lifecycle. This role owns how security controls are executed and enforced, not application security testing, cloud configuration ownership, or service uptime.

Requirements

  • 3+ years of experience in DevSecOps, security engineering, or CI/CD automation roles.
  • Strong hands-on experience with CI/CD platforms (Azure DevOps, GitHub Actions, Jenkins).
  • Experience integrating security scanning tools into pipelines.
  • Knowledge of Infrastructure as Code (Terraform, Bicep, ARM) from a validation perspective.
  • Experience with scripting and automation (Python, PowerShell, Bash).
  • Understanding of cloud-native security concepts and delivery pipelines.
  • Familiarity with compliance-driven environments (ISO 27001, SOC 2).

Responsibilities

  • Integrate and maintain automated security controls within CI/CD pipelines (SAST, SCA, DAST, IaC scans).
  • Enforce security gates and policy-as-code validations across all delivery stages.
  • Ensure the reliability and consistency of security checks (controls never skipped or bypassed).
  • Monitor execution health of security controls and detect failures or misconfigurations.
  • Maintain dashboards and metrics related to security control execution (not service availability).
  • Collaborate with AppSec to ensure application security scans are executed correctly.
  • Collaborate with CloudSec to ensure cloud security policies are enforced during deployments.
  • Support security incident investigations related to control failures or pipeline bypasses, under ISO guidance.
  • Maintain automated security evidence (logs, reports, pipeline artifacts) for audit purposes (minimum 24 months).
  • Develop and maintain SSRE runbooks, control definitions, and operational workflows.