Description
We are seeking a DevSecOps Engineer with a strong technical backbone and a passion for secure, scalable engineering. This role will serve as the bridge between Security, DevOps, and Engineering—owning the strategy and execution of embedding security controls and automation throughout our AWS-native cloud ecosystem.
You will be responsible for building a resilient and secure SSDLC by integrating cutting-edge security tooling across the CI/CD pipeline, enabling “shift-left” enforcement from the earliest stages of code development. This includes embedding controls for SAST, DAST, SCA, and IaC security scanning, ensuring that every code commit, container build, and infrastructure deployment aligns with best-in-class security standards.
Key Responsibilities:
- Integrate security tools (SAST, DAST, SCA, IaC scanning) into CI/CD pipelines.
- Oversee the security of container images, third-party dependencies, and open-source components, ensuring they meet organizational security standards.
- Promote shift-left security and collaborate with engineering teams.
- Align with security policies set by the CISO and GRC teams.
- Develop and maintain documentation for security processes, configurations, and incident response plans.
- Stay up to date with the latest security threats, vulnerabilities, and best practices, applying this knowledge to enhance system security.
- Provide technical leadership and guidance on DevSecOps practices.
Requirements
Required Qualifications:
- Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
- 3-5 years of experience in DevSecOps/DevOps, Security Engineering, or Infrastructure Security roles.
- Hands-on experience with Kubernetes, including deploying, managing, and securing clusters.
- Strong understanding of IaC best practices, AWS security architecture, and cloud-native infrastructure patterns.
- Experience with Infrastructure as Code (IaC) tools such as Terraform, Terragrunt, or Crossplane.
- Ability to design and develop code using Python or Go.
- In-depth knowledge of security tool types (SAST, DAST, SCA, IaC scanning) and their application across CI/CD pipelines.
- Excellent communication and collaboration skills, with the ability to work effectively across cross-functional teams.