Senior AEM DevSecOps Engineer

As an AEM DevSecOps Engineer, you will oversee and automate our AEM infrastructure with a primary focus on security, reliability, and automated compliance. You will bridge the gap between development and operations by embedding security directly into the CI/CD pipeline and managing complex identity and content delivery architectures, including headless AEM and Auth0 integrations. Your role is pivotal in ensuring that our platform is not only high-performing but resilient against modern threats like DDoS attacks.

Key Responsibilities

• Identity & Access Management: Configure and manage Auth0 integrations for AEM, including token validation, OIDC/SAML configurations, and custom login modules to ensure secure user authentication.
• Headless Security: Oversee the security of AEM Headless deployments, including protecting GraphQL endpoints, managing CORS policies, and ensuring secure communication for decoupled front-end frameworks (React/Angular).
• Edge & CDN Protection: Manage and configure CDN (e.g., Cloudflare, Akamai, or Adobe-managed CDN) to optimize performance and implement DDoS mitigation strategies.
• Traffic Filtering: Implement and maintain Traffic Filter Rules and Web Application Firewall (WAF) configurations at the CDN level to block malicious spikes and sophisticated application-layer attacks.
• Automated Security Scanning: Integrate security tools (SAST/DAST) and secrets detection into CI/CD pipelines (Jenkins, GitLab) to identify vulnerabilities early in the development cycle.
• Environment Hardening: Install and manage AEM author, publish, and dispatcher instances with a focus on Dispatcher security hardening, SSL certificate automation, and ModSecurity configurations.
• Observability & Incident Response: Monitor system performance and security logs using tools like Splunk or New Relic to proactively address threats and performance bottlenecks.
• Compliance Auditing: Regularly audit the platform and its integrations (Adobe Analytics, Target) to ensure alignment with corporate security policies and industry standards.

Required Skills & Experience

• Experience: 5+ years in administering and securing AEM environments.
• Identity Services: Proven experience integrating Auth0 or similar Identity Providers (IdP) for enterprise-scale authentication.
• Architectural Knowledge: Strong understanding of Headless CMS security best practices, including API key management and JWT authentication.
• Network Security: Expertise in managing CDNs and implementing DDoS mitigation and WAF rules.
• Technical Stack: Proficiency in Apache Sling, JCR, OSGi, and web servers like Nginx or Apache.
• Automation: Hands-on experience with scripting (Python) and CI/CD tools (Jenkins, CircleCI) to automate security and deployment workflows.
• Cloud Experience: Experienc