DevSecOps Engineer

    • Bangalore, India

Job Description

VMware is the leader in virtualization and cloud infrastructure solutions that enable our more than 350,000 enterprise and SMB customers to thrive in the Cloud Era. A pioneer in the use of virtualization and automation technologies, VMware simplifies IT complexity across the entire data center to the virtual workplace, empowering customers with solutions in the software-defined data center to hybrid cloud computing and the mobile workspace.

You've read the headlines - data breaches are rampant and it's not because organizations aren't spending enough money on IT security. In fact, we are spending more than ever while breaches persist and grow in impact. Traditional IT security needs an overhaul that focuses on effective design and usability - especially in rapidly changing public and private cloud environments.

THIS is where you come in.

VMware Business IT is responsible for building and maintaining applications enabling VMware business operations. You will be part of a fast paced and tightly knit DevOps team, which prides in its innovative skills and ability to deliver a high quality product in a short time span. DevSecOps (part of DevOps) team within Business IT is also responsible for enabling teams to build secure applications and identify threats and vulnerabilities.

DevSecOps team knows that making security easy to use means that it is more likely to be used. This means better security in the long run.

Do you like to create exploits for vulnerabilities, but at the same time help teams deploy mitigations and workarounds for those vulnerabilities to keep them safe? Can you explain a specific vulnerability to individuals who are not tuned to think application security?

We are seeking a DevSecOps Engineer with a passion to drive automation at all stages of software development, release, operations and maintenance.


  • As one of our DevSecOps Engineers your primary role will be to design, implement, and verify technical solutions to mitigate security issues in Business IT landscape
  • Perform Design review, Penetration testing, code and configuration review for applications built on modern tech stacks like Java, Node, Go, PHP, Python, Angular, React, NoSQL, etc.
  • You will provide advice on security best practices, and guide teams in developing, adopting, and enforcing security and access policies appropriate to their cloud platforms of choice
  • You will perform VAPT on cloud assets, deliver remediation recommendations, and provide knowledgeable assistance in resolving identified vulnerabilities
  • You will be actively involved in designing, developing, and integrating commercial and open source security tools in the DevOps pipeline
  • Function as a technical generalist responsible for the overall health and performance of the application landscape

  • Master's degree preferred, Bachelor's in Computer Science or EE is required
  • 8+ years' experience working in an Enterprise grade software application development environment
  • 3+ years of experience in designing and developing automation
  • Passion in DevOps and strong skills in at least one scripting language (Python or equivalent)
  • 3 + years of experience in application development
  • Proficient in coding and debugging in Java, GoLang, Node, PHP, Angular (at least 2)
  • You have a strong security background, and at least 4 years' experience in a hands-on application security role, ideally on microservices and cloud platforms
  • You have experience in performing Design review, Penetration testing and Code review on enterprise applications
  • Experience with tools like Fortify, Checkmarx, Coverity, Blackduck, Burp, Rapid7, Twistlock, Nessus, NMap, etc.
  • You will work with Business IT teams to create, update, and implement Information Security designs, standards and procedures
  • Comfortable working hand-in-hand with development and security to support overall business requirements.
  • Experience in automated testing of web applications and web services in a fast-moving and agile environment
  • Experience in setting up and maintaining an automation framework and tests from scratch
  • Experience in security testing of mobile applications is a plus
  • Application security certification like OSWE, GWAPT, OSCP a plus
  • You have demonstrable experience, with the ability to build strong working relationships with variety of teams, drive change and see projects to completion
  • You will evaluate and recommend new and emerging security products and technologies
  • You have excellent presentation and writing skills

VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.

Back to top