DevOps Engineer

You will be joining Snapmint, a leading fintech company in India that is revolutionizing consumer credit access. With a strong customer base of over 10 million spread across 2,200+ cities, Snapmint's zero-cost EMI platform allows for responsible purchases in various categories without the necessity of a credit card. As a DevSecOps Engineer at Snapmint, you will play a crucial role in integrating security measures into the DevOps lifecycle to ensure the security, scalability, and efficiency of applications and infrastructure, aligning with ISO/PCI-DSS guidelines. Your responsibilities will include: - Integrating security best practices into CI/CD pipelines such as GitLab, Jenkins, GitHub Actions - Automating security scans like SAST, DAST, and dependency checks, and enforcing policies - Implementing Infrastructure as Code (IaC) using tools like Terraform, CloudFormation, or Ansible - Collaborating with development teams to address vulnerabilities and conduct threat modeling - Monitoring infrastructure and application security using tools like Wazuh/Ossec or equivalent - Securely managing secrets and credentials with tools like Vault, AWS Secrets Manager, etc. - Conducting regular security audits and assessments for cloud environments (AWS, GCP, Azure) - Enhancing logging, monitoring, and alerting for security anomalies with tools like ELK, Prometheus, Loki, SIEM tools - Staying updated on security trends, vulnerabilities, and compliance requirements - Conducting Incident Reviews and Reporting Requirements for this role include: - 5+ years of experience in DevOps/Security engineering or a related field - Proficiency in CI/CD practices and automating security checks - Hands-on experience with container security (Docker, Kubernetes, image scanning) - Familiarity with cloud platforms (AWS/GCP) and cloud security principles - Experience with tools like SonarQube, OWASP ZAP, Trivy, Checkov, or snyk - Strong scripting skills (Python, Bash, or similar) - Knowledge of IAM, RBAC, and least privilege principles - Understanding of network and application security fundamentals - Strong collaboration and communication abilities - Knowledge and experience with Security Frameworks, PCI-DSS/ISO standards, Patch Management, and VA scan for Servers Preferred Qualifications: - Certifications such as AWS Security, Certified DevSecOps Professional, CEH, or similar - Experience with compliance frameworks (SOC2, ISO 27001, PCI-DSS, etc.) - Familiarity with Zero Trust Architecture and Secure SDLC concepts Join Snapmint at their Gurugram location in Unitech Cyber Park, Sector 39 for a Monday to Friday work schedule with 5 days on-site. You will be joining Snapmint, a leading fintech company in India that is revolutionizing consumer credit access. With a strong customer base of over 10 million spread across 2,200+ cities, Snapmint's zero-cost EMI platform allows for responsible purchases in various categories without the necessity of a credit card. As a DevSecOps Engineer at Snapmint, you will play a crucial role in integrating security measures into the DevOps lifecycle to ensure the security, scalability, and efficiency of applications and infrastructure, aligning with ISO/PCI-DSS guidelines. Your responsibilities will include: - Integrating security best practices into CI/CD pipelines such as GitLab, Jenkins, GitHub Actions - Automating security scans like SAST, DAST, and dependency checks, and enforcing policies - Implementing Infrastructure as Code (IaC) using tools like Terraform, CloudFormation, or Ansible - Collaborating with development teams to address vulnerabilities and conduct threat modeling - Monitoring infrastructure and application security using tools like Wazuh/Ossec or equivalent - Securely managing secrets and credentials with tools like Vault, AWS Secrets Manager, etc. - Conducting regular security audits and assessments for cloud environments (AWS, GCP, Azure) - Enhancing logging, monitoring, and alerting for security anomalies with tools like ELK, Prometheus, Loki, SIEM tools - Staying updated on security trends, vulnerabilities, and compliance requirements - Conducting Incident Reviews and Reporting Requirements for this role include: - 5+ years of experience in DevOps/Security engineering or a related field - Proficiency in CI/CD practices and automating security checks - Hands-on experience with container security (Docker, Kubernetes, image scanning) - Familiarity with cloud platforms (AWS/GCP) and cloud security principles - Experience with tools like SonarQube, OWASP ZAP, Trivy, Checkov, or snyk - Strong scripting skills (Python, Bash, or similar) - Knowledge of IAM, RBAC, and least privilege principles - Understanding of network and application security fundamentals - Strong collaboration and communication abilities - Knowledge and experience with Security Frameworks, PCI-DSS/ISO standards, Patch Management, and VA scan for Servers Preferred Qualifications: - Certifications such as AWS Securi