DevSecOps Engineer

What You’ll Need:

• Minimum of 5-7 years of experience in software engineering, DevOps, or a related technical role, with a focus on cybersecurity.
• Proven experience in a lead or senior-level role, with a track record of driving large-scale security initiatives.
• Demonstrated hands-on experience in building and securing CI/CD pipelines and cloudnative applications.
• Experience working in a hybrid agile & waterfall environment and a deep understanding of the software development lifecycle (SDLC).
• Proficiency in at least one major programming (e.g., Python, Go, Java, or similar).
• Expertise in CI/CD platforms such as Jenkins, or GitHub Actions.
• knowledge of cloud platforms (Azure, AWS or GCP) and their security services.
• Hands-on experience with containerization and orchestration technologies like Docker and Kubernetes.
• Deep understanding of security tools and practices, including SAST, DAST, SCA, secrets management & scanning.
• Familiarity with security frameworks and standards (e.g., OWASP Top 10, NIST, ISO 27001).
• Proficiency with Infrastructure as Code (IaC) tools (e.g., Terraform).
• Exceptional communication and presentation skills.
• leadership and mentoring abilities.
• Excellent problem-solving and critical-thinking skills.
• Proven ability to influence and collaborate with cross-functional teams and senior management.
• High degree of adaptability and a continuous learning mindset.
• Certified Information Systems Security Professional (CISSP) is a plus.
• Certified DevSecOps Professional (CDP) is a plus.
• Azure/AWS Certified Security - Specialty or other cloud-specific security certifications are a plus.
• GIAC certifications (e.g., GCSA, GWEB) are a plus.

What You’ll Do:

• Serve as a key technical advisor for the DevSecOps strategy for the engineering teams.
• Lead the planning and implementation of a comprehensive DevSecOps roadmap to our security posture.
• Foster a culture of security as a shared responsibility across all engineering teams.
• Mentor and coach engineers on secure coding practices, threat modeling, and vulnerability management.
• Design, build, and maintain secure CI/CD pipelines, embedding security controls throughout the SDLC.
• Lead technical implementation workstreams and mentor engineers on advanced security concepts.
• Partner with development teams to embed security into engineering culture and processes.
• Influence without direct authority, driving adoption of secure development practices across teams.
• Develop and implement automation for security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
• Write secure, scalable, and maintainable code inlanguages such as Python, Go, or Java to build automation tools and security solutions.
• Manage and secure infrastructure using Infrastructure as Code (IaC) tools like Terraform or CloudFormation.
• Conduct threat modeling and risk assessments for new and existing applications.
• Establish and manage a robust vulnerability management program, prioritizing and tracking the remediation of security findings.
• Collaborate with engineering teams to integrate security controls into application architectures and designs.
• Act as the primary point of contact for all security-related matters within the engineering organization.
• Communicate complex cybersecurity concepts and risks to technical and non-technical stakeholders, including senior leadership.
• Influence and drive consensus on security priorities and investments.
• Prepare and present reports on the health of the DevSecOps program, including key metrics and KPIs.
• Communicate a clear technical vision to executive leadership and cross-functional stakeholders.
• Champion a security-first mindset while enabling rapid innovation and delivery.