N

Senior Staff Engineer (AI Developer - DevSecOps Tools)

Nagarro · State of Mahārāshtra, India

10–18 yrs experiencefull_timePosted 1mo ago
Apply now →

Job description

**Company Description** **We're Nagarro.** We are a Digital Product Engineering company that is scaling in a big way! We build products, services, and experiences that inspire, excite, and delight. We work at a scale — across all devices and digital mediums, and our people exist everywhere in the world (18500+ experts across 40 countries, to be exact). Our work culture is dynamic and non-hierarchical. We are looking for great new colleagues. That is where you come in! **Job Description** Requirements - Experience : 7.5+ years - Strong software engineering experience with good hands-on experience developing AI/ML or security automation solutions. - Strong programming expertise in Python with hands-on experience using libraries such as Scikit-learn, PyTorch, Pandas, and NumPy. - Experience developing AI-powered applications involving machine learning, large language models (LLMs), automation, or intelligent workflows. - Strong understanding of DevSecOps practices and hands-on experience with security tools including SAST, SCA, secrets detection, IaC scanning (Checkov, Terrascan), and container image scanning (Trivy). - Experience integrating security automation into CI/CD platforms such as Azure DevOps, GitHub Actions, Jenkins, or GitLab CI. - Hands-on experience with Docker, Kubernetes (AKS/EKS preferred), and container security best practices. - Working knowledge of policy-as-code frameworks such as OPA/Rego and Kubernetes security enforcement. - Experience with LLM APIs including Azure OpenAI or OpenAI, along with prompt engineering, Retrieval-Augmented Generation (RAG), and AI-assisted code analysis. - Experience building REST APIs and microservices using FastAPI or Flask. - Familiarity with cloud platforms such as Microsoft Azure, AWS, or Google Cloud Platform and cloud-native security concepts. - Knowledge of Infrastructure-as-Code technologies including Terraform, ARM templates, and Helm. - Experience with secrets management solutions such as HashiCorp Vault or Azure Key Vault. - Understanding of MLOps practices, model deployment, monitoring, drift detection, and CI/CD for machine learning solutions. - Experience working with event-driven architectures and messaging platforms such as Azure Event Hub, AWS EventBridge, or Google Cloud Pub/Sub. - Familiarity with cloud security platforms such as Prisma Cloud, Wiz, Aqua Security, or Snyk is an advantage. - Exposure to LangChain, Semantic Kernel, AutoGen, or similar AI orchestration frameworks is desirable. - Knowledge of GitOps tools such as ArgoCD or Flux and policy frameworks including HashiCorp Sentinel or Cedar is preferred. - Experience integrating security tools with platforms such as Jira, ServiceNow, or Azure Sentinel SOAR is an added advantage. - Strong analytical, troubleshooting, and problem-solving skills with the ability to develop scalable and secure enterprise solutions. - Excellent communication and collaboration skills with experience working in Agile and cross-functional development environments. - Bachelor's degree in Computer Science, Information Technology, Engineering, MCA, or a related field. - Security certifications such as CompTIA Security+, CEH, CKS, SC-200, or cloud security certifications (AZ-900, AWS Security Specialty, GCP Professional Cloud Security Engineer) are desirable. **Responsibilities** - Design, develop, and maintain AI-powered automation solutions that integrate security into CI/CD pipelines and the software development lifecycle. - Build intelligent security automation for CI/CD platforms such as Azure DevOps, GitHub Actions, Jenkins, and GitLab CI, implementing policy-as-code, security gates, and pre-merge vulnerability checks. - Develop machine learning models to detect pipeline anomalies, including suspicious code commits, dependency changes, and build integrity violations. - Build and enhance LLM-powered remediation assistants for Infrastructure-as-Code (IaC) using Terraform, ARM templates, Helm charts, Checkov, and Terrascan. - Develop Retrieval-Augmented Generation (RAG) pipelines leveraging internal security policies, compliance standards, and hardening guidelines to provide contextual remediation recommendations. - Design and implement agentic AI workflows that orchestrate multiple security tools, consolidate scan results, prioritize findings, and automate ticket creation. - Develop NLP-based solutions to parse, classify, summarize, and analyze security scan outputs across diverse tools and report formats. - Build scalable RESTful APIs and microservices using FastAPI or Flask to expose AI-powered DevSecOps capabilities. - Develop integrations between security platforms, enterprise SIEM/SOAR solutions, ticketing systems, and developer platforms. - Automate container and Kubernetes security workflows, including image scanning, runtime security monitoring, and policy enforcement using OPA/Gatekeeper. - Build event-driven automation pipelines leveraging cloud-native messaging services for real-time security event processing. - Develop dashboards and reporting solutions to monitor security posture, remediation metrics, SLA compliance, and pipeline health. - Write unit tests, integration tests, and participate in peer code reviews to ensure code quality and reliability. - Monitor deployed AI models and automation services, implement model performance monitoring, drift detection, and automated retraining processes. - Maintain CI/CD pipelines for AI model deployment using MLOps platforms such as Azure ML, MLflow, or equivalent technologies. - Prepare technical documentation including API specifications, architecture diagrams, integration patterns, operational runbooks, and data models. - Collaborate with engineering, DevSecOps, cloud, and security teams to continuously improve automation reliability, security coverage, and developer experience. **Qualifications** Bachelor’s or master’s degree in computer science, Information Technology, or a related field.