HIRING ALERT!! 🚀
Job Title: DevSecOps Engineer
Location: Karachi or Islamabad(on-site), other cities remote
Shift Timings: 9 am to 6 pm
Arpatech (Pvt) Ltd is looking for a DevSecOps/AppSec specialist with 3-4 years of experience to integrate security into our software lifecycle. You will bridge the gap between development, operations, and security to build resilient cloud-native applications.
Core Responsibilities
1. CI/CD Integration: Embed security controls and automated gates into Jenkins pipelines.
2. Security Testing: Design and execute SAST, DAST, and SCA (Software Composition Analysis) to identify vulnerabilities early.
3. Code & Architecture Review: Perform deep-dive manual source code reviews and security assessments.
4. Infrastructure Security: Secure Docker/Kubernetes environments and cloud platforms (AWS/Azure).
5. Remediation & Guidance: Partner with developers to implement secure coding practices (OWASP Top 10) and patch vulnerabilities.
6. Automation: Build custom security tooling and frameworks using Python or Bash.
7. Perform application, api, cloud, infrastructure penetration testing to identify security weakness across environments.
8. Experience with tools such as BurpSuite, NMAP, Metasploit, OWASP ZAP, Nikto
Technical Requirements
- Experience: 3-4 years in DevSecOps or Application Security.
- Tools: Jenkins, Git, Docker, Kubernetes, and Cloud (AWS or Azure).
- Knowledge: Expertise in the OWASP Top 10, secure configuration management, and application hardening.
- Testing: Proficiency in security testing methodologies and automated scanning tools.
- Education: Bachelor’s degree in Computer Science or a related field.
- Bonus: Certifications like OSCP, OSWE, or AWS Certified Security are highly preferred.
Soft Skills
- Strong analytical and problem-solving mindset.
- Excellent communication skills for cross-functional collaboration.
- Proactive approach to staying ahead of emerging security trends.