Senior Development Security Operations Engineer

American Tower•Cary, NC

About The Position

The Team We are seeking a Senior Development Security Operations Engineer to join American Tower’s Information Security organization. The Information Security team is responsible for protecting the confidentiality, integrity, and availability of American Tower’s data and systems in our core systems and platforms. As a Senior Development Security Operations Engineer, your daily responsibilities will focus on embedding security controls into software delivery pipelines, code repositories, and cloud-native platforms. You will play a critical role in enabling secure software development at scale by implementing automated guardrails, integrating security tools into developer workflows, and ensuring continuous enforcement of security requirements. Working in close partnership with Application, Cybersecurity Engineering, and Governance Risk & Compliance teams, your role will involve translating security requirements into scalable, automated controls across Continuous Integration / Continuous Delivery (CI/CD) pipelines and infrastructure. You will help ensure that security is enforced consistently through policy-as-code, pipeline automation, and platform engineering practices. As a senior technical contributor, you will drive the adoption of secure-by-default engineering patterns, balancing strong security controls with developer experience and delivery velocity.

Requirements

7+ years of experience in DevSecOps, security engineering, or platform engineering, with strong hands-on experience implementing CI/CD and automation solutions.
Strong hands-on experience with code repository platforms (e.g., GitHub, GitLab, Azure DevOps), including implementation of advanced security controls and governance.
Deep experience with cloud-native technologies, including containers (Docker), orchestration platforms (Kubernetes), and infrastructure-as-code tools such as Terraform, Azure Resource Manager (ARM), and AWS CloudFormation.
Strong understanding of software supply chain security risks and controls, including dependency management and Software Bill of Materials (SBOM) practices.
Experience implementing policy-as-code frameworks using tools such as Azure Policy, AWS Config, Open Policy Agent (OPA), or similar technologies.
Proficiency in scripting and automation (e.g., Python, PowerShell, Bash) and DevOps tooling (e.g., Jenkins, GitHub Actions, Azure Pipelines).
Strong understanding of the Secure Development Lifecycle (SDLC) and the ability to operationalize controls within engineering environments.
Ability to collaborate effectively with Application, Cybersecurity, and business teams to implement scalable security solutions.
Strong written and oral communication skills, including the ability to present ideas and suggestions clearly and effectively.
Ability to work with different functional groups and levels of employees to effectively and professionally achieve results.
Strong organizational skills; ability to accomplish multiple tasks within the agreed upon timeframes through effective prioritization of duties and functions in a fast-paced environment.

Responsibilities

Design, implement, and optimize secure Continuous Integration / Continuous Delivery (CI/CD) pipelines, embedding automated security controls such as: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Secrets scanning, Infrastructure as Code (IaC) scanning, and Container image scanning
Implement and enforce policy-as-code frameworks, ensuring that security requirements are version-controlled, machine-readable, and automatically enforced across build, deployment, and runtime environments.
Lead the implementation of code repository security controls (e.g., Bitbucket, GitHub, GitLab, Azure DevOps), including branch protections, access controls, commit integrity checks, and prevention of unauthorized or insecure code changes.
Develop and maintain security guardrails for developer platforms, ensuring secure configurations for pipelines, repositories, and development environments.
Integrate security controls into cloud-native environments, including container platforms (e.g., Kubernetes) and infrastructure-as-code provisioning tools such as Terraform, Azure Resource Manager (ARM), and AWS CloudFormation.
Implement secrets management solutions, ensuring secure storage, rotation, and usage of credentials, Application Programming Interface (API) keys, and tokens across applications and pipelines.
Automate enforcement of secure development standards by embedding security checks directly into engineering workflows and deployment processes.
Partner with Application Security to translate requirements into technical controls and ensure consistent enforcement across all application environments.
Design and implement controls to secure the software supply chain, including dependency management, Software Bill of Materials (SBOM) generation, and protection against malicious or vulnerable third-party components.
Build and maintain monitoring, logging, and alerting capabilities for pipeline and application security events to enable rapid detection and response.
Drive continuous improvement of DevSecOps capabilities, including automation, standardization, and performance optimization of security tooling.
Provide technical leadership and mentorship to engineers on DevSecOps practices, automation, and secure platform engineering.
Other duties as assigned.