Cloud DevSecOps Engineer

RegionsHoover, AL
$109,086 - $142,750Remote

About The Position

At Regions, the Cloud DevSecOps Engineer contributes to the advancement of cloud strategy. The primary focus of this role includes developing, communicating, and implementing robust and secure cloud continuous integration and continuous delivery (CI/CD) pipelines. This role works closely with stakeholders to create fully automated pipelines which support current DevSecOps best practices. The Cloud DevSecOps Engineer will drive innovation through the adoption of AI-enabled security capabilities, including LLM-integrated workflows, intelligent automation, and AI-assisted vulnerability remediation, to improve the effectiveness and efficiency of the Exposure Management program. In this role, you will: Build the integration of security practices, controls, and automated remediation capabilities into CI/CD pipelines, infrastructure-as-code (IaC), and cloud-native development processes to reduce organizational cyber exposure. Partner with Application Development, Platform Engineering, Cloud Engineering, and Security teams to identify, prioritize, and remediate vulnerabilities across applications, containers, cloud services, and code repositories. Drive the adoption and optimization of security tooling, including SAST, DAST, SCA, IaC scanning, secrets detection, container security, and software supply chain security solutions. Develop and maintain risk-based remediation workflows that align vulnerability findings with asset criticality, threat intelligence, exploitability, and business impact. Support the organization's Exposure Management program by establishing security guardrails, preventative controls, and continuous monitoring capabilities that reduce attack surface and security risk. Build security automation and orchestration capabilities to improve vulnerability detection and remediation, policy enforcement, configuration management, and developer self-service security functions. Define and report on key performance indicators (KPIs) and metrics related to application security, remediation effectiveness, security debt reduction, and secure development maturity. Serve as a security advocate for engineering teams, promoting secure-by-design principles, developer education, and a culture of shared responsibility for cybersecurity risk management.

Requirements

  • High School Diploma or GED and six (6) years of related post-secondary education and/or experience in Information Security or Information Technology
  • Excellent knowledge of Cloud infrastructure, networking, services, and cloud architectural patterns; specifically, compute using virtual machines, managed infrastructure, containers, serverless, as well as database services, security services, and application services
  • Proficient in python programming language
  • Understanding of Shift Left principles and facilitation technologies
  • Applicants for this position must currently be authorized to work in the United States on a full-time basis.

Nice To Haves

  • Two (2) years of relevant DevSecOps experience
  • AWS DevOps certification or Azure DevOps certification
  • Experience in building / deploying cloud native applications – OpenShift, Azure Kubernetes Service (AKS)
  • Experience with interfacing with secrets management solutions like Hashicorp Vault
  • Familiar with implementing Chaos engineering principles in the pipeline to determine weak links and suggest solutions.
  • Familiar with testing tools used to facilitate automation and integration of the tools into CI/CD pipelines
  • Working Knowledge of Jenkins, Azure DevOps, Ansible, Terraform, Packer, Git, ServiceNow a big plus

Responsibilities

  • Assists with releasing candidate CI/CD pipelines as a mechanism to communicate the states and steps necessary to determine a release candidate for each application and service
  • Designs and develops fully autonomous CI/CD pipelines which facilitate cloud deployments which includes automation of all infrastructure, services and application build and deployment
  • Ensures that all parts of the pipeline follow good software engineering practices to include automated tests and infrastructure tests
  • Builds tools which reduce errors and improve our overall customer experiences
  • Assists in troubleshooting of production issues and ensure pipeline and infrastructure produces clear documentation and metrics which enables Root Cause Analysis
  • Develops and tests – Ansible Playbooks, Terraform Scripts, Packer Scripts and establish immutable infrastructure such that patches are an artifact of the past
  • Works with Enterprise Architecture, Information Security (InfoSec), Software Delivery, and Quality Assurance to enable the organization to move to the cloud using complete automation
  • Ensures compliance with risk management programs, rules and regulations, and cybersecurity practices; identifies opportunities for and supports process improvements; applies disciplined change management practices
  • Build the integration of security practices, controls, and automated remediation capabilities into CI/CD pipelines, infrastructure-as-code (IaC), and cloud-native development processes to reduce organizational cyber exposure.
  • Partner with Application Development, Platform Engineering, Cloud Engineering, and Security teams to identify, prioritize, and remediate vulnerabilities across applications, containers, cloud services, and code repositories.
  • Drive the adoption and optimization of security tooling, including SAST, DAST, SCA, IaC scanning, secrets detection, container security, and software supply chain security solutions.
  • Develop and maintain risk-based remediation workflows that align vulnerability findings with asset criticality, threat intelligence, exploitability, and business impact.
  • Support the organization's Exposure Management program by establishing security guardrails, preventative controls, and continuous monitoring capabilities that reduce attack surface and security risk.
  • Build security automation and orchestration capabilities to improve vulnerability detection and remediation, policy enforcement, configuration management, and developer self-service security functions.
  • Define and report on key performance indicators (KPIs) and metrics related to application security, remediation effectiveness, security debt reduction, and secure development maturity.
  • Serve as a security advocate for engineering teams, promoting secure-by-design principles, developer education, and a culture of shared responsibility for cybersecurity risk management.

Benefits

  • Paid Vacation/Sick Time
  • 401K with Company Match
  • Medical, Dental and Vision Benefits
  • Disability Benefits
  • Health Savings Account
  • Flexible Spending Account
  • Life Insurance
  • Parental Leave
  • Employee Assistance Program
  • Associate Volunteer Program
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service