Cognyte DevOps Engineer 

Romania, Bucharest 

960620725

Today’s world is crime-riddled. Criminals are everywhere, invisible, virtual and sophisticated. Traditional ways to prevent and investigate crime and terror are no longer enough…

Technology is changing incredibly fast. The criminals know it, and they are taking advantage. We know it too.

So, if you rock at

Role Overview:

This role focuses on integrating security best practices into CI/CD pipelines and production system deployments, ensuring security is embedded throughout the software development lifecycle. As a DevSecOps Engineer, you will work closely with architecture, development, and operations teams to make security a shared responsibility across all stages of software development and deployment.

Your primary responsibility will be implementing security best practices, testing, and automation tools into CI/CD pipelines and production environments using industry-standard tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and other security mechanisms.

Key Responsibilities:

·Security Integration into DevOps:Collaborate with development and operations teams to integrate security practices into every stage of the software development lifecycle, from code creation to deployment.

·CI/CD Pipeline Security:Configure, implement, and manage security tools and automation in CI/CD pipelines to detect vulnerabilities early in the development process.

·Security Testing:Use SAST and DAST tools to automate security testing for code and applications. Continuously monitor security scans, report findings, and recommend remediation strategies.

·Continuously enhance and automate security processes to deliver secure software efficiently while minimizing manual intervention.

Experience Required:

• 3+ years of experience in DevOps or a similar role focused on integrating security into CI/CD processes.
• Proven experience implementing and configuring security tools such as SAST, DAST, and other automation tools.
• Strong hands-on experience with CI/CD tools and languages (e.g., Jenkins, Groovy, Git, Python, Bash) for pipeline automation.
• Proficiency in cloud-native deployments and management (e.g., Helm, Kustomize), Kubernetes objects, and cluster debugging.
• Familiarity with Infrastructure as Code (IaC) tools like Terraform and Ansible.
• Knowledge of CIS benchmark recommendations and system hardening practices.

Technical Skills:

• Proficiency in programming/scripting languages (e.g., Python, Bash, Groovy, Ansible, Helm) for automation.
• In-depth knowledge of security vulnerabilities (e.g., OWASP Top 10) and mitigation best practices.
• Experience with vulnerability scanning and static and dynamic application security testing tools (e.g., SonarQube, Checkmarx, OWASP ZAP, Coverity, Lint).
• Familiarity with on-premises cloud platforms (e.g., OpenShift, Tanzu) and public cloud platforms (AWS, Azure, GCP) and their security configurations.

Soft Skills:

• Strong communication skills to effectively collaborate with cross-functional teams.
• A problem-solving mindset with the ability to quickly troubleshoot and resolve security issues.
• A proactive and collaborative approach to fostering a security-first mindset across the organization.