Senior DevSecOps Engineer

About The Position

Requirements

• Bachelor's degree in Engineering, Computer Science, Management Information Systems, or a related study, or equivalent experience.
• Minimum of 5+ years of professional experience in DevOps, security engineering, or a related field.
• Strong understanding of security principles and best practices, including threat modeling, risk assessment, and vulnerability management.
• Proficiency with DevOps tools and practices, including CI/CD pipelines, containerization (Docker, Kubernetes), and version control systems (Git).
• Solid understanding of cloud security concepts and experience with cloud platforms (AWS, Azure, Google Cloud).
• Strong scripting and automation skills using languages such as Python, Bash, or PowerShell.
• Experience with security tools such as OWASP ZAP, Burp Suite, Nessus, Metasploit, or similar.
• Experience in development with shell scripting such as Python, GoLang, etc..
• Expertise in the Linux operating system.
• Must be able to demonstrate innovation in problem-solving.
• Clear communication with team members and product owners.
• Ability to effectively communicate technical findings to both technical and non-technical stakeholders.
• Must follow and support agile methodologies and practices by actively participating in all SCRUM ceremonies.
• Must adhere to and develop best practices in software engineering.

Nice To Haves

• Experience integrating Cloud Security Posture Management (CSPM) tooling with application security pipelines.
• Experience with Kubernetes security and best practices.
• Experience collaborating with vulnerability and risk management partners to interface with risk management and acceptance processes.
• Experience developing and/or deploying training for software engineers around DevSecOps tooling, secure development standards, and application security fundamentals.

Responsibilities

• Integrate security into the CI/CD pipeline, automating security controls and embedding security throughout the development lifecycle.
• Support, and maintain Application Security Testing (AST) tools (SAST, DAST, IAST, SCA) to identify code and dependency vulnerabilities.
• Conduct security assessments, vulnerability analysis, and penetration testing to identify and mitigate security risks.
• Develop and maintain secure infrastructure as code (IaC) scripts using tools like Pulumi, Terraform, or CloudFormation.
• Implement and manage security tools and technologies such as SIEMs, IDS/IPS, firewalls, and endpoint protection.
• Monitor and respond to security incidents, performing root cause analysis and implementing corrective measures.
• Educate and train development and operations teams on secure coding practices and security tooling.
• Stay up to date with the latest security threats, trends, and technologies, and proactively address potential risks.
• Create and maintain documentation related to security policies, procedures, and standards.
• Participate in security audits and compliance initiatives to ensure adherence to industry regulations and standards.
• Provide thorough unit testing and automated testing to ensure a quality product is delivered.
• Improve, enhance, and support existing operations.
• Design, build, install, configure, and support production deployments.
• Manage the work of teams implementing DevOps solutions in complex projects.

Benefits

• All employees receive equity packages (ISOs) and have access to a comprehensive benefits offering.
• competitive pay
• attractive stock grants
• flexible paid time off