Senior DevSecOps Engineer

First United Bank
Plano, TX
Onsite

About The Position

We are seeking an experienced Senior DevSecOps Engineer to join our Platform Engineering team. In this role, you will be responsible for architecting, implementing, and maintaining comprehensive security controls across our entire CI/CD pipeline and Kubernetes infrastructure. This position reports to the Director of Platform Engineering and plays a critical role in ensuring our organization meets Federal Reserve cybersecurity requirements and CRI (Cyber Risk Institute) profile compliance while enabling rapid, secure application delivery.

Requirements

  • 5+ years of software development, DevOps, or security engineering experience
  • 5+ years of dedicated security or DevSecOps practice
  • 3+ years of hands-on experience building and maintaining CI/CD pipelines at scale
  • 3+ years of Kubernetes administration, security hardening, or platform engineering experience
  • Deep expertise in Azure DevOps and/or GitHub Actions
  • Hands-on background with GitHub Secret Protection (secret scanning and push protection) and GitHub Code Security (code scanning, Dependabot, security overview); experience tuning detections, triaging alerts, enforcing repository-level policies at scale, and integrating findings into pipeline gates
  • Expert-level knowledge of Kubernetes architecture, security, and operational management in AKS
  • Hands-on experience with container image scanning, signing, and registry security
  • Hands-on experience with Kyverno (or equivalent: OPA/Gatekeeper, Kubewarden)
  • Proficiency with Azure services including AKS, ACR, Key Vault, Azure Policy, Azure DevOps
  • Strong scripting skills in PowerShell, Bash, Python, or Go
  • Strong Terraform skills including module design, state management, and policy testing; experience codifying security baselines as reusable infrastructure blueprints (Terraform modules and/or Azure Blueprints) to enforce guardrails at provisioning time
  • Hands-on experience using AI coding assistants (e.g., GitHub Copilot, Claude Code, Cursor) to accelerate secure development; comfort evaluating, integrating, and operating AI-assisted security tooling — AI-driven SAST, agentic vulnerability triage, MCP-based pipeline automations — with appropriate guardrails for a regulated environment

Nice To Haves

  • Hands-on design and implementation of zero trust models in production environments
  • Experience with SBOM generation, attestation, provenance
  • CKS, AZ-500, AWS Security, CCSK, CISSP certifications
  • Prior experience in banking, financial services, or other highly regulated industries

Responsibilities

  • Design, build, and manage secure CI/CD pipelines using Azure DevOps and GitHub Advanced Security
  • Implement and enforce security gates, policy-as-code controls, and approval workflows at every pipeline stage
  • Integrate vulnerability scanning tools (SAST, DAST, SCA, container scanning) and aggregate findings into centralized reporting dashboards
  • Operationalize security scanning across multiple tools (GitHub Advanced Security, SonarQube, etc.)
  • Build automated workflows to correlate, deduplicate, and prioritize vulnerability data from disparate sources
  • Implement Kyverno policies to enforce container image security, network policies, and runtime constraints
  • Design and deploy Kubernetes Pod Security Standards, network policies, and RBAC configurations
  • Manage container image scanning, signing, and attestation in Azure Container Registry (ACR)
  • Lead the design and implementation of zero trust security principles across infrastructure and applications
  • Implement workload identity and managed identity solutions in Azure for application-to-service authentication
  • Design network segmentation, microsegmentation policies, and encrypted inter-service communication
  • Identify, evaluate, and operationalize AI-powered security tools across the SDLC — code review assistants, automated triage agents, anomaly detection — establishing review patterns, prompt and policy controls, and audit trails appropriate to a regulated environment
  • Define and enforce secure usage standards for AI coding assistants and agentic developer tools (data handling, secret-leak prevention, model and provider governance, validation of model output)
  • Build internal automations using LLMs and MCP-style integrations to reduce toil in vulnerability triage, policy authoring, evidence collection for audits, and incident response

Benefits

  • Excellent career opportunities
  • A wide array of benefits