DevSecOps Engineer/Application Security Engineer | Experience: 46 years
About the Role
The DevSecOps Engineer will embed security into the software development lifecycle of tech-forward portfolio companies. Working closely with engineering teams, you will automate security testing, manage code vulnerabilities, and establish a security-first culture within product development teams.
Responsibilities
- Integrate SAST, DAST, and SCA tools into CI/CD pipelines (GitHub Actions, Jenkins)
- Manage container security (Docker, Kubernetes) and cloud-native security posture
- Implement and manage secrets management solutions (HashiCorp Vault, AWS Secrets Manager)
- Conduct code security reviews and threat modeling for new features
- Establish infrastructure-as-code security scanning (Checkov, Terraform Sentinel)
- Champion developer security training and security champion programs
- Own vulnerability tracking from detection to remediation in dev environments
- Build security dashboards and metrics for engineering leadership
- Collaborate with cloud teams on CSPM findings and auto-remediation
Qualifications
- Bachelor's in CS, Software Engineering, or equivalent
- 4+ years in DevSecOps, AppSec, or cloud security engineering roles
Required Skills
- Proficiency in at least one language: Python, Go, or Node.js
- Experience with CI/CD tools (GitHub Actions, Jenkins, GitLab CI)
- Hands-on with SAST/DAST tools (Snyk, Checkmarx, OWASP ZAP, SonarQube)
- Cloud security expertise (AWS, Azure, or GCP security services)
- Container/Kubernetes security experience (Trivy, Falco, Aqua Security)
- Strong cross-functional collaboration and ability to influence without authority
Preferred Skills
- Certifications preferred: AWS Security Specialty, CKS, CSSLP, GWEB
Equal Opportunity Statement
We are committed to diversity and inclusivity in our hiring practices.