DevSecOps Engineer

About The Position

Requirements

• 3+ years of experience in security operations, application security, or DevSecOps roles
• Basic scripting or automation experience in a language such as Python, Golang, or equivalent
• Deep knowledge of application security practices including secure coding, OWASP Top 10, API security, threat modelling, and common vulnerability categories (SAST, DAST, SCA)
• Experience automating security or development workflows using Python or similar scripting languages
• Familiarity with vulnerability management processes and remediation prioritization
• Familiarity with CI/CD pipelines and modern development workflows (e.g., Git-based version control)
• Proven ability to design security architectures that address complex threat models and organizational compliance requirements at scale
• Excellent communication and leadership skills with the ability to influence and communicate technical security concepts clearly to diverse audiences (executives, developers, security teams, operations)
• Strong REST and GraphQL API experience, including security implications of API design, authentication, authorization, and API-centric architectures

Responsibilities

• Lead shift-left security initiatives by introducing and implementing advanced security testing frameworks within CI/CD pipelines (SAST, DAST, SCA, container scanning, secrets management), while establishing metrics and best practices for the broader organization
• Develop scripts and automation to support dependency analysis, reporting, and security workflows
• Contribute to documentation, standards, and best practices related to dependency management, open-source usage, and secure software development
• Develop high-quality, maintainable code in Python, Golang, or related languages for security tooling, automation frameworks, and integrations that serve Autodesk security teams and the wider engineering community
• Triage and analyze vulnerability findings from SCA tools (e.g., Black Duck, Dependabot), validate impact, and partner with product teams on remediation strategies
• Partner with cross-functional security teams—including infrastructure, engineering, operations, incident response, and offensive security—to translate security requirements into scalable technical solutions and comprehensive security programs
• Establish security standards and best practices by conducting security architecture reviews, leading design discussions, and providing technical guidance to engineering teams on implementing security controls and threat mitigation strategies
• Evaluate, customize, and integrate commercial and open-source security tools to meet Autodesk's specific requirements, improving tooling capabilities through custom extensions and integrations where needed
• Mentor and develop junior team members, sharing knowledge about DevSecOps best practices, security architecture, and engineering excellence