DevSecOps Engineer

Avnet, Chandler, AZ
8d, Hybrid

About The Position

We are seeking a highly autonomous and hands-on DevSecOps / Application Security Engineer to champion security integration across our global application ecosystem. This role sits at the intersection of application security, software engineering, and cloud automation. You will be responsible for assisting in the design, implementation, and scaling of security controls throughout the Software Development Lifecycle (SDLC), primarily focusing on securing Azure-native services and driving cultural change toward secure-by-default practices among global development and architecture teams.

Requirements

  • Cloud Depth: Hands-on experience securing production workloads in the Microsoft Azure ecosystem. Deep familiarity with key services like AKS, Azure Functions, App Services, and Azure Firewall/WAF.
  • CI/CD Mastery: Demonstrated expertise automating security controls (scanning, gating, posture checks) within GitHub Actions and/or GitLab CI/CD.
  • Security Knowledge: Strong, actionable knowledge of the OWASP Top 10/API Security and experience aligning practices to standards like NIST 800-53.
  • Automation: Proficiency in Python, PowerShell, or Bash for creating security automation, custom checks, and tool integration.
  • Tooling: Working experience with modern enterprise security tools (e.g., Snyk, Checkmarx, Prisma Cloud, GitHub Advanced Security, or ASPM platforms).
  • Container Security: Practical experience with container runtime security and posture management (e.g., Defender for Containers, Falco).
  • Typically 8+ years of experience with a bachelor's degree or equivalent.

Responsibilities

  • Pipeline Security Automation: Design, implement, and centrally manage advanced security tooling (SAST, DAST, SCA, Secrets Management) directly within high-volume GitHub Actions and GitLab CI/CD pipelines.
  • Azure Cloud Security Engineering: Engineer and enforce security controls for our Azure-native services (e.g., AKS, Azure Functions, App Services), with a strong emphasis on Managed Identities, Azure Policy, Defender for Cloud, and securing the networking perimeter (e.g., App Gateway WAF).
  • Secure Design & Governance: Lead threat modeling sessions and security design reviews for net-new, large-scale applications. Design and operationalize security guardrails aligned with enterprise standards (OWASP API Security, NIST, PCI-DSS).
  • Vulnerability Remediation & Coaching: Drive the end-to-end vulnerability lifecycle, from discovery (e.g., coordinating with Red Teams/Bug Bounty) to defining clear, actionable security-focused remediation guidance for development teams.
  • IaC Security: Embed security checks and best practices into our Infrastructure-as-Code workflows, primarily using Terraform or Bicep.
  • Identity & Access Management: Define and implement robust access controls and key management strategies utilizing Azure Key Vault and cloud-native identity solutions.
  • Other duties as assigned

Benefits

  • Generous Paid Time Off
  • 401K and Pension Plan
  • Paid Holidays
  • Family Support (Paid Leave, Surrogacy, Adoption)
  • Medical, Dental, Vision, and Life Insurance
  • Long-term and Short-term Disability Insurance
  • Health Savings Account / Flexible Spending Account
  • Education Assistance
  • Employee Development Resources
  • Employee Wellness, Leadership Development and Mentorship Programs