Cyber Security Engineer - DevSecOps (5-8 yrs)

Responsibilities :

- Expertise in Federated SSO, OAuth, OpenID, JWT tokens, and mutual authentication.

- Strong knowledge of encryption standards (TLS, AES, RSA) and secure key management.

- Experience in security vulnerability management and tools like SonarQube, Checkmarx, or Veracode.

- Proficiency in DevSecOps, CI/CD security, and Infrastructure-as-Code (IaC) security.

- Familiarity with cloud security in AWS, Azure, or GCP.

- Knowledge of network security, firewalls, and intrusion detection systems.

- Strong scripting and automation skills (Python, Bash, or PowerShell).

- Security certifications such as CISSP, CEH, CISM, or AWS Security Specialty (preferred).

- Hands-on experience with Zero Trust security models.

- Experience in API security and securing microservices.

- Knowledge of blockchain security or AI/ML security (optional but a plus).

Authentication & Authorization :

- Design and implement secure authentication and authorization mechanisms, including Federated SSO, SAML, OAuth, OpenID Connect, and JWT tokens.

- Configure and maintain Identity & Access Management (IAM) solutions.

- Ensure mutual authentication between microservices and external applications.

Application Security :

- Conduct secure code reviews, vulnerability assessments, and penetration testing to identify security gaps.

- Implement OWASP best practices to mitigate risks such as SQL injection, XSS, CSRF, and broken authentication.