Secure Site Reliability Engineer
About the Role
You will ensure the reliability, consistency, and continuous execution of security controls across CI/CD pipelines and cloud delivery workflows. You will automate security controls, enforce policy-as-code, monitor execution health, maintain dashboards and audit evidence, support investigations of control failures, and develop SSRE runbooks and operational workflows.
Requirements
- 3+ years of experience in DevSecOps, security engineering, or CI/CD automation roles.
- Strong hands-on experience with CI/CD platforms such as Azure DevOps, GitHub Actions, and Jenkins.
- Experience integrating security scanning tools into pipelines.
- Knowledge of Infrastructure as Code validation (Terraform, Bicep, ARM).
- Experience with scripting and automation using Python, PowerShell, Bash.
- Understanding of cloud-native security concepts and delivery pipelines.
- Familiarity with compliance-driven environments such as ISO 27001 and SOC 2.
Responsibilities
- Integrate and maintain automated security controls within CI/CD pipelines (SAST, SCA, DAST, IaC scans).
- Enforce security gates and policy-as-code validations across all delivery stages.
- Ensure the reliability and consistency of security checks so controls are not skipped or bypassed.
- Monitor execution health of security controls and detect failures or misconfigurations.
- Maintain dashboards and metrics related to security control execution.
- Collaborate with AppSec to ensure application security scans are executed correctly.
- Collaborate with CloudSec to ensure cloud security policies are enforced during deployments.
- Support security incident investigations related to control failures or pipeline bypasses under ISO guidance.
- Maintain automated security evidence (logs, reports, pipeline artifacts) for audit purposes, retaining it for a minimum of 24 months.
- Develop and maintain SSRE runbooks, control definitions, and operational workflows.
