DevSecOps Engineer
Fully remote (working EST)
Salary: $128-170k
The DevSecOps Engineer (Application Security) is a highly technical role responsible for embedding security into every stage of the software development lifecycle. This individual will focus on advancing application security practices, integrating security controls into CI/CD pipelines, and automating security tooling to strengthen secure development practices.
The role requires strong expertise in application security, secure coding practices, and DevSecOps methodologies, along with a solid understanding of software development processes and foundational knowledge of infrastructure and operating systems.
Key Responsibilities
- Build strong relationships with developers, product stakeholders, and agile teams to integrate security into application design and delivery (20%)
- Perform security testing and validation of application security controls across multiple initiatives (15%)
- Implement and enhance defensive security practices across applications and supporting infrastructure (15%)
- Support and enforce CI/CD security strategies in collaboration with engineering and platform teams (10%)
- Apply expertise in static application security testing (SAST), software composition analysis (SCA), dynamic application security testing (DAST), and Infrastructure-as-Code (IaC) scanning tools and methodologies (20%)
- Identify vulnerabilities through automated scanning and manual code review; drive remediation efforts (10%)
- Apply threat modeling techniques to strengthen application design and reduce risk (10%)
- Act as an escalation point for application security issues and support resolution efforts
- Develop and improve tools and services that enable developers to adopt security best practices efficiently
- Automate and streamline security controls within CI/CD pipelines
- Support “shift-left” security initiatives by embedding security early in the SDLC
- Apply foundational cloud security knowledge, including IAM, container security, and baseline hardening practices
- Perform other duties as assigned
Required Qualifications
- Bachelor’s degree (BA/BS) in Finance, Accounting, Business, Computer Science, or a related field, or equivalent professional experience
- 7+ years of experience in information technology, information security administration, or security operations
- Experience working in Agile environments, including Scrum and Kanban methodologies
- Strong understanding of container technologies (e.g., Docker) and container orchestration platforms (e.g., Kubernetes, Docker Swarm)
- Experience with infrastructure automation, configuration management, and CI/CD tooling such as CloudFormation, Terraform, Ansible, and Jenkins
- Proficiency in securing Windows and Unix/Linux operating systems, endpoint applications, network protocols, and related infrastructure components
- Scripting experience in one or more of the following: Python, Bash, Perl, or PowerShell
- Solid understanding of application security principles and reference frameworks, including the OWASP Top 10, CVSS vulnerability scoring, MITRE ATT&CK, and the software development lifecycle (SDLC)
Preferred Certifications
- CISSP
- GIAC certifications (e.g., GCSA, GWAPT)
- AWS Security Specialty or related certifications
...