DevSecOps Engineer

Job Type: Full time
No. of Vacancies: 1
Experience: 4-6 Years
Riseup Labs

Job Context:

We are seeking an experienced DevSecOps Engineer to strengthen secure CI/CD practices across enterprise development environments. The role focuses on building and governing robust pipelines while integrating automated security controls throughout the development lifecycle. You will ensure secure software delivery through supply chain security, container scanning, and compliance aligned with modern frameworks. This position also supports platform resilience, audit readiness, and secure DevOps operations at scale.

Job Responsibilities:

  • CI/CD Governance: Architect and manage enterprise GitLab environments, including runner optimization, global pipeline templates, and multi‑stage promotion strategies.
  • Pipeline Security (Shift‑Left): Implement and tune automated security gates such as SAST, DAST, secret scanning, and IaC validation. Experience with both mono‑repo and microservice pipeline architectures is essential.
  • Supply Chain Security: Manage Nexus OSS repositories and promotion workflows. Enforce “secure‑by‑default” practices using SBOM standards (CycloneDX/SPDX) and VEX for dependency vulnerability and license compliance management.
  • Container & K8s Security: Operate Trivy for continuous scanning across CI pipelines, registries, and Kubernetes clusters. Manage severity thresholds, false‑positive triage, and provide actionable remediation guidance to development teams.
  • Platform Resilience & Compliance: Administer platform lifecycle operations, including patching, backup/restore drills, and generating automated evidence packs for regulatory audits.

Must‑Have Qualifications:

  • Experience: 5+ years in CI/CD engineering and security automation within enterprise‑scale environments.
  • Technical Stack: Hands‑on expertise in GitLab CI or Jenkins (shared libraries), container registries, and IaC security tooling.
  • Compliance Literacy: Strong understanding of CVE triage, SBOM management, and modern compliance frameworks (e.g., SLSA, NIST).

Educational Requirements:

  • B.Sc in Computer Science and Engineering from any reputed public or private university.

Nice‑to‑Have:

  • GitLab Certified Professional or Jenkins Certified Engineer (CJE).
  • Experience with SLSA or similar software supply chain security frameworks.

Workplace: 

  • Dhaka, Bangladesh

Working hours:

  • 9 AM to 6 PM

Salary: 

  • Negotiable (Based on experience and skills)

Compensation & Other Benefits:

  • As per company policy

The Application Process:

  • Telephone Round.
  • Interview with the Team Lead & Talent Acquisition Team.
  • Final Interview with the CEO.
  • Job Offer.

N.B.: Only shortlisted candidates will be contacted during the recruitment process.
