DevSecOps Engineer

About The Position

Requirements

• Proven Seniority: This is not a junior-level role; you have a 5+ year track record of success in DevSecOps, Cloud Security, or Security Engineering.
• AWS Expertise: Deep, hands-on experience with AWS security services and cloud best practices.
• Security as Code: Proficiency in Infrastructure as Code (IaC) principles; experience with AWS CDK is a plus, but a willingness to master it is essential.
• Automation Mindset: Strong scripting and automation skills used to manage vulnerabilities and security testing.
• Compliance & Frameworks: A solid understanding of frameworks like SOC 2 Type II, ISO 27001, or NIST 800-53. You can translate these technical controls into clear context for audit reporting.
• Audit Readiness: Experience leading evidence collection and supporting external auditors during security assessments.
• Strong problem-solving skills and the ability to navigate complex cybersecurity environments.
• Excellent communication skills, with the ability to provide clear, actionable guidance to technical and non-technical teams.
• A collaborative and mission-driven approach, with a commitment to CredLens' core values.
• Ability to learn new technologies and acquire new skills regularly.
• Thrives under pressure, is operationally focused, and is a collaborative team player.

Nice To Haves

• While a degree in Computer Science or Information Security is welcome, we place higher value on practical, real-world experience and proven industry credentials such as those from ISC2 (CISSP or CCSP), CompTIA Security+, or AWS Certifications (Security or DevOps Specialty).

Responsibilities

• AWS Infrastructure Security
• Act as a subject matter expert in securing Infrastructure as Code (IaC), with a primary focus on the AWS Cloud Development Kit (CDK).
• Support and secure our AWS environments by managing and implementing AWS security tooling, including but not limited to AWS Security Hub, Inspector, GuardDuty, AWS WAF, CloudTrail, and others.
• Manage and mature IAM Roles and groups, leveraging Access Analyzer, with a focus on advancing an identity and zero trust model.
• Application Security
• Lead security application development efforts by implementing and managing security testing tools such as SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing).
• Focus on providing architectural guidance and solutions for secure product development.
• Proactively classify, triage, and manage security vulnerabilities and risks, providing clear, actionable remediation guidance to development teams.
• Act as a subject matter expert, providing actionable recommendations to development teams and assisting with the remediation of security findings.
• AWS Infrastructure & DevOps
• Assist teams in securing infrastructure code, with a specific focus on the AWS Cloud Development Kit (CDK).
• Serve as a backup/on-call resource to support and secure our AWS environments.
• Support and secure the delivery pipeline using AWS CodePipeline and GitHub.
• Incident Management & Threat Response
• Participate in incident detection and threat response activities, helping to identify, contain, and remediate security incidents.
• Work with SIEM solutions, manage log ingestion and tuning, and actively respond to security alerts and findings.
• Business Information Security and Operations
• Collaborate with engineering teams to design and validate Identity and Access Management (IAM) models for third-party partners and vendors, ensuring least-privilege access to CredLens data assets.
• Assist in translating technical security controls into a non-technical context for audit reporting and stakeholder communication.
• Support audit and compliance activities for security frameworks such as SOC 2 Type II, ISO 27001, and NIST 800-53, by helping to collect evidence and validate control effectiveness.