DevSecOps Engineer

About The Position

Requirements

• High school diploma or GED required
• Minimum five (5) years of experience in IT Security
• Minimum three (3) years of experience in DevOps Engineering
• Experience with Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) tools
• Experience in Security incident management and reporting
• Experience with vulnerability management and remediation
• Excellent verbal and written communication, planning, analysis and organizing skills
• Strong troubleshooting and problem-solving skills

Nice To Haves

• Bachelor’s degree in Computer Science, Information Technology, Information Security, and/or a related field or an equivalent combination of education and experience preferred
• Experience with Github and Azure DevOps preferred
• Experience with Kubernetes and Docker preferred
• CISSP, SecurityX (CASP+), or GCIH preferred

Responsibilities

• Embeds and enforces security throughout the Software Development Life Cycle (SDLC) by integrating automated controls (e.g., SAST, DAST, SCA, secrets detection, and IaC scanning) into CI/CD pipelines, DevOps tooling, and cloud-native workflows.
• Partners with development and platform teams to identify and remediate security vulnerabilities early in the development process while maintaining development speed and minimizing release delays.
• Collaborates with engineering teams to design, implement, and maintain scalable security controls across cloud infrastructure and application environments, to ensure consistent enforcement of company standards and compliance requirements.
• Drives comprehensive visibility and threat detection through centralized logging, monitoring, and alerting integrations to enable proactive identification of misconfigurations, anomalous behavior, and emerging threats across the production landscape.
• Develops and continually improves processes supporting the IT Security Framework to include vulnerability management, risk management, and remediation tracking.
• Conducts regular vulnerability scans across on-premises and cloud environments while prioritizing risks based on severity, exploitability, and business impact.
• Coordinates remediation with internal teams and external vendors to ensure timely closure and measurable risk reduction.
• Serves as a primary responder for security incidents by triaging alerts, containing threats, performing root cause analysis, and producing detailed incident reports documenting findings, response actions, and lessons learned.
• Identifies and investigates actual or suspected security violations, conducts thorough follow-up analysis and provides recommendations to prevent recurrence and strengthen the company’s overall security posture.

Benefits

• medical, dental and vision insurance
• flexible spending accounts and/or health savings accounts
• dependent savings accounts
• 401(k) with company matching contributions
• employee stock purchase plan
• tuition reimbursement program
• 9 paid holidays per year
• accrue paid time off (PTO) at a rate of 0.0577 hours of PTO per hour worked, up to a maximum of 120 hours per year