DevSecOps Engineer

TrueML
Lenexa, KS
$122,090 - $160,000
Remote

About The Position

TrueML is a mission-driven financial software company that aims to create better customer experiences for distressed borrowers. Consumers today want personal, digital-first experiences that align with their lifestyles, especially when it comes to managing finances. TrueML’s approach uses machine learning to engage each customer digitally and adjust strategies in real time in response to their interactions. The TrueML team includes inspired data scientists, financial services industry experts and customer experience fanatics building technology to serve people in a way that recognizes their unique needs and preferences as human beings, and working to ensure nobody gets locked out of the financial system.

We are seeking a Sr. Security Engineer to lead the integration of security across the software development lifecycle (SDLC). This role sits at the intersection of engineering, cloud infrastructure, and application security, driving automation, scalability, and secure-by-default development practices. You will design and implement security-first CI/CD pipelines, embed automated security testing, and partner with engineering teams to ensure applications are built, deployed, and operated securely—at scale.

Requirements

  • 7-10 years in software engineering, DevOps, or cloud engineering.
  • 3+ years in a DevSecOps focused role
  • Deep mastery of cloud security, vulnerability analysis, and incident response.
  • Demonstrable expertise in the AWS ecosystem
  • Highly proficient in securing Infrastructure as Code (Terraform) and containerized environments.
  • Hold top-tier industry certifications (such as CISSP, SANS GIAC, or CASP)
  • Firm grasp of compliance frameworks like PCI and ISO 27001.
  • Familiar with OWASP
  • Proficient with modern security tooling
  • Ability to secure complex API integrations and data protection layers.
  • Understand the evolving landscape of AI regulations
  • Technical curiosity to investigate how threat actors use AI to bypass traditional controls.
  • Natural collaborator who can translate complex InfoSec projects into simple, maintainable tasks for Engineering teams.
  • Can propose strategic methodologies to tackle legacy security debt and convince stakeholders of the business value of security-first design
  • Deep expertise in CI/CD pipelines (GitHub Actions, Jenkins)
  • Strong hands-on experience with AWS cloud security
  • Proficiency in application security tooling and integration
  • Experience with container security (Docker, Kubernetes)
  • Strong scripting/programming skills (Python, JavaScript)
  • Understanding of modern DevSecOps and shift-left security practices
  • Excellent collaboration skills across engineering, security, and DevOps teams

Responsibilities

  • Embed security controls and scanners (SAST, SCA, DAST, IaC, Container Security) into CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI, Azure DevOps)
  • Design and maintain automated security workflows across build, test, and deploy stages
  • Implement security gates, policy enforcement, and compliance checks within pipelines
  • Secure cloud-native architectures across AWS (IAM, VPC, ECS/EKS, Lambda, S3, API Gateway)
  • Integrate and operationalize CNAPP/CSPM tools (e.g., Wiz, Prisma Cloud)
  • Enforce least privilege access, secrets management, and runtime protections
  • Define and maintain security policies for our AWS environment, specifically focusing on containerized workloads (EKS/ECS) and serverless architectures (Lambda).
  • Move beyond manual checks by building real-time monitoring and automated remediation for AWS resources, ensuring we stay "audit-ready" for frameworks like PCI and ISO 27001.
  • Perform deep-dive threat modeling exercises on applications and designs, turning theoretical risks into actionable engineering plans.
  • Develop security standards for Generative AI.
  • Leverage AI-powered tools to explore our attack surface while defending against AI-driven threats.
  • Secure our Infrastructure as Code (IaC) templates (Terraform/CloudFormation) and manage cloud primitives like IAM, KMS, and WAF to ensure a "least privilege" environment.

Benefits

  • Flexible vacation
  • Medical/dental/vision insurance
  • Traditional/Roth retirement savings options
  • Company-paid disability and life insurance
  • Flexible Spending Account & Limited FSA
  • Family-friendly parental leave, volunteer and voting time off
  • On-demand wellness platform access for you and 5 friends and family
  • PerkSpot discount program for 900+ merchants nationwide