They asked me to describe how I approach securing CI/CD pipelines and embedding security practices into DevOps workflows.
Sigiloso
I explained that my approach starts with treating security as code and embedding it directly into the CI/CD pipeline. I integrate SAST, DAST, and dependency scanning tools like Snyk and Trivy into the build process so vulnerabilities are detected early before deployment. I also enforce secret scanning, image signing, and policy-as-code controls using OPA Gatekeeper and GitLab CI/CD rules, ensuring only compliant artefacts progress through stages. To maintain integrity, I use IAM least privilege, KMS for key management, and GitOps workflows (Argo CD) to eliminate configuration drift and provide auditable change control. Finally, I continuously monitor runtime environments with Falco and Prometheus alerts, creating a feedback loop so every stage—from commit to production—remains secure and observable.
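The answer above mentions policy-as-code controls that let only compliant artefacts progress between stages. The script below is an added example (not the poster's code, and not a Trivy or GitLab component) of what such a gate looks like in practice: a CI job step that reads a Trivy-style JSON scan report plus a small artifact metadata record, applies severity thresholds, blocks on detected secrets and on a missing signature verification, and exits non-zero so the pipeline stops. The report layout follows Trivy's `Results` / `Vulnerabilities` / `Secrets` fields as I understand them, the thresholds, the `signature_verified` metadata field and all sample values (including the CVE-shaped identifiers) are constructed for illustration.

```python
"""Policy-as-code gate for a CI stage (added example, not from the original post).

Evaluates a Trivy-style JSON report and artifact metadata against a small
policy and returns a pass/fail decision with its reasons. Field names,
thresholds and the sample data are assumptions for illustration only.
"""
import json
from dataclasses import dataclass, field
from typing import Optional

# Ordering used to compare scanner severities against policy thresholds.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass
class Policy:
    block_fixable_at: str = "HIGH"       # fail at/above this when a fix exists
    block_unfixable_at: str = "CRITICAL"  # fail at/above this even with no fix
    require_signature: bool = True        # artifact must be signature-verified
    block_on_secrets: bool = True         # any detected secret fails the stage


@dataclass
class Decision:
    allowed: bool
    violations: list = field(default_factory=list)
    warnings: list = field(default_factory=list)


def evaluate(report: dict, metadata: dict, policy: Optional[Policy] = None) -> Decision:
    """Apply the policy to one scan report and its artifact metadata."""
    policy = policy or Policy()
    violations, warnings = [], []
    for result in report.get("Results", []):
        target = result.get("Target", "?")
        for vuln in result.get("Vulnerabilities") or []:
            sev = str(vuln.get("Severity", "UNKNOWN")).upper()
            rank = SEVERITY_RANK.get(sev, 0)
            vid = vuln.get("VulnerabilityID", "?")
            pkg = vuln.get("PkgName", "?")
            fixed = vuln.get("FixedVersion")
            if rank >= SEVERITY_RANK[policy.block_unfixable_at]:
                violations.append(f"{target}: {vid} in {pkg} is {sev}")
            elif fixed and rank >= SEVERITY_RANK[policy.block_fixable_at]:
                violations.append(f"{target}: {vid} in {pkg} is {sev}, fix available ({fixed})")
            elif rank >= SEVERITY_RANK[policy.block_fixable_at]:
                # Serious but not yet fixable upstream: surface it, do not block.
                warnings.append(f"{target}: {vid} in {pkg} is {sev} with no fix yet")
        if policy.block_on_secrets:
            for secret in result.get("Secrets") or []:
                violations.append(f"{target}: secret detected ({secret.get('RuleID', '?')})")
    if policy.require_signature and not metadata.get("signature_verified", False):
        violations.append("artifact signature not verified")
    return Decision(allowed=not violations, violations=violations, warnings=warnings)


# Constructed sample report in a Trivy-like layout; identifiers are placeholders.
SAMPLE_REPORT = {
    "Results": [
        {
            "Target": "registry.example/app:constructed (alpine)",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-00001", "PkgName": "libexample",
                 "InstalledVersion": "1.0", "FixedVersion": "", "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-00002", "PkgName": "libother",
                 "InstalledVersion": "2.0", "FixedVersion": "2.1", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-00003", "PkgName": "libthird",
                 "InstalledVersion": "3.0", "FixedVersion": "", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-00004", "PkgName": "libfourth",
                 "InstalledVersion": "4.0", "FixedVersion": "4.2", "Severity": "MEDIUM"},
            ],
        },
        {"Target": "app/config.env", "Secrets": [{"RuleID": "constructed-api-key", "Severity": "CRITICAL"}]},
    ]
}
# Constructed metadata; in a real pipeline this would come from the signing step.
SAMPLE_METADATA = {"image": "registry.example/app:constructed", "signature_verified": True}


def main() -> int:
    decision = evaluate(SAMPLE_REPORT, SAMPLE_METADATA)
    print(json.dumps({"allowed": decision.allowed, "violations": decision.violations,
                      "warnings": decision.warnings}, indent=2))
    return 0 if decision.allowed else 1  # non-zero exit fails the CI job


if __name__ == "__main__":
    raise SystemExit(main())
```

Run as a step after the scanner and signing jobs; the non-zero exit is what makes the stage refuse to promote the artefact, and keeping the thresholds in a `Policy` object means the rules are versioned alongside the pipeline rather than hidden in job scripts.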