Senior DevSecOps Engineer

About The Position

Requirements

• 7+ years of experience in cybersecurity engineering, DevSecOps, cloud security, software engineering, infrastructure engineering, or a related field
• Strong hands-on experience securing cloud environments, preferably AWS
• Experience with infrastructure as code, especially Terraform or similar tools
• Experience securing code repositories, CI/CD pipelines, developer workflows, or software delivery platforms
• Familiarity with secure SDLC practices, application security, API security, vulnerability remediation, and software supply chain security
• Experience coordinating remediation of security findings with engineering teams
• Strong understanding of cloud IAM, network security controls, secrets management, logging, monitoring, and secure configuration
• Experience working in regulated environments or environments with formal audit, compliance, or control requirements
• Self-motivated learner who proactively researches emerging technologies, security trends, and evolving threats without waiting for direction
• Ability to learn a new platform and quickly become proficient
• Strong written and verbal communication skills, including the ability to document technical decisions and explain security concepts clearly to engineering and business stakeholders

Nice To Haves

• Experience supporting financial services, insurance, annuity, fintech, or other regulated environments
• Experience with cloud security posture management, cloud vulnerability management, or infrastructure security tooling
• Experience with GitHub security controls, GitHub Advanced Security, code scanning, secret scanning, dependency review, or similar capabilities
• Experience with penetration test remediation, application security review, threat modeling, or secure architecture review
• Familiarity with frameworks and requirements such as SOC 2, ISO 27001, NAIC, NIST, or similar control frameworks
• Experience with developer security enablement, security champions, engineering training, or secure SDLC rollout
• Certifications such as CISSP, cloud security certifications, AWS security certifications, or other relevant security or engineering certifications

Responsibilities

• Design, implement, and improve security controls across cloud infrastructure, application environments, developer workflows, and engineering platforms
• Review cloud architecture, infrastructure as code, APIs, integrations, and application design for security risks
• Help identify, prioritize, and remediate cloud misconfigurations, infrastructure weaknesses, and security findings
• Support secure configuration of cloud services, identity and access controls, network security controls, and service-level security settings
• Maintain documentation of cloud and engineering security decisions, control patterns, remediation actions, and operational procedures
• Implement and improve security controls across code repositories, CI/CD pipelines, and software delivery workflows
• Support branch protection, repository permissions, secrets scanning, code scanning, dependency review, and secure development practices
• Partner with engineering teams to embed security into the development lifecycle without unnecessarily slowing delivery
• Coordinate remediation of vulnerabilities identified through cloud security platforms, code scanning, penetration testing, application security reviews, infrastructure-as-code review, and audit findings
• Help define repeatable secure development, deployment, and remediation patterns
• Review applications, APIs, integrations, and platform designs for security risks and practical remediation options
• Help improve software supply chain security, dependency management, secrets handling, and secure deployment workflows
• Provide practical guidance to engineers on secure coding, secure cloud usage, access control, logging, monitoring, and remediation priorities
• Collaborate with engineering and platform teams to ensure security findings are understood, prioritized, and resolved
• Help prepare the organization for Internal Audit, external audits, regulatory reviews, and control assessments
• Support security control implementation and evidence gathering for frameworks and expectations such as SOC 2, ISO 27001, NAIC, and other relevant standards
• Ensure security work is documented, repeatable, reviewable, and aligned with control requirements
• Follow change management processes and support appropriate review and approval of security configuration changes
• Partner with the Office of the CISO to prioritize cloud, application, and SDLC security improvements and reduce operational risk
• Provide hands-on security architecture input for cloud infrastructure, application platforms, APIs, CI/CD workflows, and engineering practices
• Identify security design gaps and recommend practical, implementable improvements
• Help define secure patterns for cloud services, infrastructure as code, source control, CI/CD, secrets management, and application delivery
• Advise on secure use of emerging technologies and AI-enabled development or automation tools where relevant
• Help ensure cloud, application, and SDLC security controls are implemented, documented, monitored, and improved over time
• Help the Office of the CISO prepare for internal audit, external audit, regulatory reviews, and security control assessments by supporting evidence collection, remediation tracking, secure configuration, change management, and control documentation across cloud and engineering workflows

Benefits

• PTO
• health benefits
• career growth opportunities