DevSecOps Engineer

Position Summary

We are seeking a Sr. Security Engineer to lead the integration of security across the software

development lifecycle (SDLC). This role sits at the intersection of engineering, cloud infrastructure, and

application security, driving automation, scalability, and secure-by-default development practices.

You will design and implement security-first CI/CD pipelines, embed automated security testing, and

partner with engineering teams to ensure applications are built, deployed, and operated securely—at

scale

Key Responsibilities

Security Automation & CI/CD Integration (Core Focus)

• Embed security controls and scanners (SAST, SCA, DAST, IaC, Container Security) into CI/CD

pipelines

(GitHub Actions, Jenkins, GitLab CI, Azure DevOps)

• Design and maintain automated security workflows across build, test, and deploy stages

• Implement security gates, policy enforcement, and compliance checks within pipelines

Cloud Security (AWS Focus)

• Secure cloud-native architectures across AWS (IAM, VPC, ECS/EKS, Lambda, S3, API Gateway)

• Integrate and operationalize CNAPP/CSPM tools (e.g., Wiz, Prisma Cloud)

• Enforce least privilege access, secrets management, and runtime protections

• An Experienced Defender: You bring 7-10 years in software engineering, DevOps, or cloud engineering. 3+ years in a DevSecOps focused role and a deep mastery of cloud security, vulnerability analysis, and incident response.
• A Cloud Specialist: You have demonstrable expertise in the AWS ecosystem and are highly proficient in securing Infrastructure as Code (Terraform) and containerized environments.
• Certified and Credentialed: You hold top-tier industry certifications (such as CISSP, SANS GIAC, or CASP) and have a firm grasp of compliance frameworks like PCI and ISO 27001.
• Technically Versatile: You are familiar with OWASP, proficient with modern security tooling, and have the ability to secure complex API integrations and data protection layers.
• AI-Aware: You understand the evolving landscape of AI regulations and have the technical curiosity to investigate how threat actors use AI to bypass traditional controls.
• A Strategic Partner: You are a natural collaborator who can translate complex InfoSec projects into simple, maintainable tasks for Engineering teams.
• An Elite Communicator: You can propose strategic methodologies to tackle legacy security debt and convince stakeholders of the business value of security-first design

  Core Skills & Capabilities

  • Deep expertise in CI/CD pipelines (GitHub Actions, Jenkins)

  • Strong hands-on experience with AWS cloud security

  • Proficiency in application security tooling and integration

  • Experience with container security (Docker, Kubernetes)

  • Strong scripting/programming skills (Python, JavaScript)

  • Understanding of modern DevSecOps and shift-left security practices

  • Excellent collaboration skills across engineering, security, and DevOps teams