Senior DevSecOps Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, Information Systems or a related field
• Minimum 5 years of experience in DevSecOps, application security, or secure platform engineering
• Demonstrated experience implementing and operating security controls across CI/CD, cloud, and SDLC environments
• Strong foundational knowledge across DevOps and platform engineering, including: Core networking concepts (VPC/VNet, DNS, TCP/IP, TLS, load balancing, proxies, firewall/NSG) Windows and Linux systems (processes, permissions, filesystems, networking, troubleshooting) Git-based workflows (branching strategies, pull requests, releases) Scripting and automation (PowerShell, Bash, and/or Python)
• Strong hands-on experience implementing DevSecOps security controls, including: Secure SDLC practices and OWASP guidance (from a control, tooling, and risk perspective) Azure cloud security and identity services (Entra ID, Azure B2C/External ID) CI/CD pipelines, Git-based workflows, and build/deploy automation Containers and orchestration fundamentals (Docker, Kubernetes) and Infrastructure as Code (Terraform, Ansible) Vulnerability management tooling (SAST, DAST, SCA, image scanning)

Nice To Haves

• Microsoft security certifications aligned to Azure, identity, and cloud architecture (e.g., SC-100, AZ-500, SC-300)
• Industry-recognized security certifications such as CSSLP, CISSP, CISM, or relevant GIAC credentials

Responsibilities

• Design, implement, and maintain security controls across all SDLC phases
• Translate security policy, OWASP guidance, and SOC-aligned requirements into engineering standards and pipeline controls
• Embed security checks and guardrails into Agile and DevOps workflows (Jira Software, Azure DevOps)
• Ensure SDLC controls generate reliable, repeatable audit evidence supporting SOX and SOC 1 / SOC 2 assessments
• Perform application risk profiling and threat modeling for new and materially changed systems
• Review application, API, and platform architectures from a security and risk perspective, providing guidance on required security controls and integration patterns
• Design and implement security architecture components, guardrails, and shared controls supporting: Azure PaaS resources and identity integrations (Entra ID, Azure B2C/External ID) Web applications hosted on IIS and Node.js APIs and externally exposed services Data platforms including Microsoft SQL, Oracle SQL, CosmosDB, Databricks, and Microsoft Fabric
• Partner with architects and engineers to ensure alignment with approved security patterns and baselines, without owning application code or business logic
• Secure CI/CD pipelines and Git-based workflows
• Implement application security tooling integrations and tune results for actionable signal
• Integrate SAST, DAST, SCA, image scanning, and secrets detection into pipelines
• Implement secure secret management, pipeline access controls, and deployment protections
• Configure and maintain security controls for Web Application Firewalls (WAF), API gateways, and ingress layers
• Define security testing requirements and acceptance criteria aligned to SDLC controls
• Implement and maintain automated security testing workflows
• Validate remediation of application and pipeline security findings
• Maintain traceability between findings, fixes, Jira tickets, and generated audit evidence
• Participate in incident response activities related to application, pipeline, and identity security
• Support root-cause analysis and implement preventative improvements through enhanced observability and security telemetry
• Validate backup, restore, and disaster recovery controls with a security and access-control focus
• Define and track security metrics supporting continuous improvement and SOC evidence requirements