Senior DevSecOps Engineer
EPAM · salary not specified · location not specified · company website · published June 5, 2026
Job description
We are looking for a hands-on Senior DevSecOps Engineer dedicated to closing security gaps across the Azure cloud environment. In this technical position, you will concentrate on vulnerability remediation, AKS hardening, and network isolation through private connectivity and automated pipelines to reinforce our overall cloud security posture.
Responsibilities
Address security recommendations within Microsoft Defender for Cloud and apply technical fixes (patching, config changes, policy deployments) to raise the Azure Secure Score
Strengthen Azure Kubernetes Service (AKS) clusters by applying CIS Benchmarks
Deploy Kubernetes Network Policies to limit pod-to-pod communication
Enforce identity security through Managed Identities, OIDC, and Entra ID integration
Maintain and remediate Kubernetes YAML manifests, making sure Pod Security Standards (PSS) and resource limits are applied
Protect Azure Container Registry (ACR) by configuring Private Endpoints, disabling public access, and handling image signing via Content Trust
Configure lifecycle policies that automatically purge vulnerable or outdated container images
Integrate security scanning (SAST/SCA) into Azure DevOps CI/CD pipelines
Use Infrastructure as Code (Terraform, Bicep, or ARM) to automate the rollout of secure network patterns and NSG rules
Administer Network Security Groups (NSGs) and ASGs following the principle of least privilege
Roll out and manage Azure Private Links and Private Endpoints so PaaS services (SQL, Storage, Key Vault, Cosmos DB) remain off the public internet
Resolve "Public Access Enabled" alerts by shifting resources to private networking backbones
Requirements
4+ years of experience with the Azure Cloud Platform
Proficiency in Microsoft Defender for Cloud, Azure WAF, and Azure Key Vault
Expertise in Azure Pipelines and ACR Management, including integrating automated security gates (SAST/SCA/IaC Scanning) into Azure DevOps CI/CD pipelines
Hands-on background in AKS and ACR security
Strong skills in PowerShell or Azure CLI for bulk remediation tasks
Understanding of VNet Peering, NSG/UDR configuration, and Private Endpoint implementation
Capability to author and remediate Terraform or Bicep code
English proficiency at a B2 level to support clear communication and documentation
Nice to have
Certifications: AZ-500 (Azure Security Engineer Associate) and AZ-400 (Azure DevOps Engineer)