SAP NS2 Senior DevSecOps Engineer

About The Position

Requirements

• Must be a U.S. citizen; this position requires access to customer data.
• 7+ years of experience in security engineering, DevSecOps, or cloud security operations
• Strong DevOps/infrastructure background: you’ve built and operated CI/CD pipelines, managed Kubernetes clusters, and automated infrastructure
• Deep AWS cloud security expertise (equivalent Azure/GCP experience also considered with some AWS proficiency)
• Hands-on experience with Kubernetes security (EKS, GKE, or AKS) and container security principles
• Proficiency with Infrastructure as Code: Terraform, CloudFormation, Helm, or Pulumi
• Strong scripting and automation skills in Python, Go, Shell, and/or HCL
• Proven ability to lead threat modeling exercises and translate findings into actionable controls
• Deep understanding of IAM, cloud identity, and least-privilege principles at scale
• Practical knowledge of web application security fundamentals (OWASP Top 10)
• Configured and tuned cloud security policies, rules, and risk scoring to align with organizational risk appetite and compliance frameworks
• Built custom integrations using security platform APIs, including automated workflows for ticket creation, alert routing, CI/CD gating, and reporting
• Leveraged CSPM, CIEM, vulnerability scanning, container/Kubernetes security, and IaC scanning capabilities in production
• Experience with EDR/XDR platforms such as CrowdStrike Falcon for endpoint detection, threat hunting, and incident response across cloud and hybrid environments
• Ability to design and operate vulnerability management programs including scan scheduling, prioritization, SLA enforcement, and remediation tracking
• Experience with Dynatrace or equivalent APM/observability platforms for infrastructure monitoring, application performance analysis, and security-relevant telemetry
• Ability to correlate observability data with security findings to improve detection, triage, and incident response workflows
• Experience with Tenable (Tenable.io, Nessus, or Tenable.sc) for vulnerability scanning automation, including API-driven scan scheduling, asset discovery, reporting pipelines, and integration into CI/CD or remediation workflows
• Experience with Trend Micro (Cloud One, Vision One, or Deep Security) for automated workload and endpoint protection, including policy deployment and management, container security, and integration with orchestration and incident response tooling

Nice To Haves

• Experience building custom API integrations for reporting, automation, or SOAR workflows
• Experience with FedRAMP or other compliance-driven environments (SOC 2, ISO 27001, NIST 800-53 R5, CMMC)
• Background in SRE or platform engineering with a pivot into security
• Experience with complementary security tooling: SIEM/SOAR platforms, EDR, network security
• AWS, Azure, GCP cloud certifications
• Bachelor’s degree in Computer Science, Cybersecurity, or a related field (equivalent experience accepted)
• Experience working with remote, globally distributed teams

Responsibilities

• Assist with security reviews across cloud infrastructure, CI/CD pipelines, and Kubernetes-based workloads.
• Develop scalable mitigation strategies and secure baselines.
• Build automation, policy-as-code, and security tooling that enables development teams to shift left.
• Integrate security findings into CI/CD workflows, IaC pipelines, and developer feedback loops.
• Drive vulnerability management and remediation across cloud and container environments.
• Prioritize issues using risk context, implement mitigations, and design preventative controls across software supply chains.
• Design and implement secure baselines for cloud resources, Kubernetes clusters (EKS/GKE/AKS), IAM, and network architecture.
• Enforce guardrails through policy-as-code.
• Support the configuration, optimization, and integration of CNAPP platforms as a core component of our cloud security stack.
• Drive adoption, tune policies, build API integrations, and ensure CNAPP capabilities are fully leveraged across the organization.
• Build deep partnerships with DevOps, Platform Engineering, Security Engineering, Product, and SecOps teams.
• Enable secure-by-design solutions without becoming a bottleneck.

Benefits

• Constant learning, skill growth
• Great benefits
• Team that wants you to grow and succeed
• SAP North America Benefits