Principal DevSecOps Engineer (Security Operations)

3-5 Years
  • Posted 2 days ago

Job Description

Description

Principal DevSecOps Engineer (Security Operations)

Syneos Health is a leading fully integrated biopharmaceutical solutions organization built to accelerate customer success. We translate unique clinical, medical affairs and commercial insights into outcomes to address modern market realities.

Every day we perform better because of how we work together, as one team, each the best at what we do. We bring a wide range of talented experts together across a wide range of business-critical services that support our business. Every role within Corporate is vital to furthering our vision of Shortening the Distance from Lab to Life.

Discover what our 29,000 employees, across 110 countries already know.

WORK HERE MATTERS EVERYWHERE

Why Syneos Health

  • We are passionate about developing our people through career development and progression; supportive and engaged line management; technical and therapeutic area training; peer recognition; and a total rewards program.
  • We are committed to our Total Self culture - where you can authentically be yourself. Our Total Self culture is what unites us globally, and we are dedicated to taking care of our people.
  • We are continuously building the company we all want to work for and our customers want to work with. Why? Because when we bring together diversity of thoughts, backgrounds, cultures, and perspectives, we're able to create a place where everyone feels like they belong.

Job Responsibilities

Overview

We are seeking a skilled DevSecOps Engineer to strengthen our software delivery pipelines with security best practices, automation, and continuous improvement. The ideal candidate will bridge the gap between development, security, and operations teams, ensuring that our infrastructure and applications are secure, scalable, and efficiently deployed.

You'll be instrumental in building security guardrails that enable developers to move fast while maintaining robust security posture, creating golden paths that make secure choices the easy choices.

Key Responsibilities

1. Security Integration & Automation

  • Embed security practices into CI/CD pipelines (e.g., Azure DevOps, GitHub Actions).

  • Automate static and dynamic code analysis (SAST/DAST), dependency scanning, and container image scanning.

  • Implement and manage vulnerability scanning tools (e.g., SonarQube, Snyk).

  • Generate and maintain Software Bill of Materials (SBOM) for applications and container images using JFrog.

  • Manage JFrog for secure artifact repository management, binary promotion, and access control.

  • Build developer security tooling including IDE plugins, pre-commit hooks, and local scanning capabilities.

  • Ensure secure configurations across cloud environments and container platforms.

2. Cloud & Infrastructure Security

  • Apply DevSecOps principles to cloud infrastructure (AWS, Azure, or GCP).

  • Utilize Wiz for cloud security posture management (CSPM), vulnerability management, and compliance monitoring across multi-cloud environments.

  • Implement Infrastructure as Code (IaC) security scanning using Terraform.

  • Enforce policy-as-code using frameworks like Open Policy Agent (OPA), Kyverno, Sentinel.

  • Manage secrets and credentials securely with tools like AWS Secrets Manager, Azure Key Vault, or OCI Vault.

  • Design and implement network security controls including microsegmentation, network policies, and zero-trust principles.

  • Implement runtime security and threat detection using container runtime protection tools.

  • Monitor and respond to security incidents in CI/CD and production environments.

3. Platform Engineering & Architecture

  • Build and maintain secure platform abstractions (golden paths) that enable developers to deploy securely by default.

  • Design and implement security reference architectures for common patterns (microservices, serverless, data pipelines, API gateways).

  • Implement service mesh security features including mTLS, traffic encryption, and policy enforcement.

  • Secure API gateways with authentication, authorization, rate limiting, and threat protection.

  • Manage supply chain security including artifact signing, registry security, and SLSA framework implementation.

  • Build security observability through metrics, dashboards, and security-focused SLIs/SLOs.

4. Collaboration & Process Improvement

  • Partner with development and operations teams to identify and mitigate security risks early in the SDLC.

  • Participate in code reviews and architecture discussions to ensure security-by-design.

  • Support development teams in remediating vulnerabilities and implementing secure coding practices.

  • Build and lead security champions program to elevate security awareness across engineering teams.

  • Advocate for security automation and continuous improvement, translating security requirements into practical, developer-friendly solutions.

  • Mentor teams on secure development practices and modern security tooling.

5. Compliance & Governance

  • Ensure alignment with security and compliance standards (ISO 27001, SOC 2, HIPAA, GDPR, PCI-DSS, etc.).

  • Contribute to threat modeling, risk assessments, and security architecture reviews.

  • Maintain audit trails and compliance documentation for deployment pipelines.

  • Implement and enforce security policies across the software delivery lifecycle.

Qualifications

Required

  • Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).

  • 3+ years of experience in DevOps, Cloud Engineering, Security Engineering, or Platform Engineering.

  • Strong scripting and automation skills (Python, Bash, PowerShell, Go).

  • Hands-on experience with CI/CD tools (GitHub Actions, Azure DevOps).

  • Proficiency in containerization (Docker, Kubernetes) and related security tools.

  • Experience with cloud platforms (AWS, Azure, or Oracle) and IaC frameworks (Terraform).

  • Solid understanding of security principles, threat modeling, and the OWASP Top 10.

Preferred

  • Certifications such as:

  • AWS Certified Security Specialty / DevOps Engineer

  • Azure Security Engineer / DevOps Expert

  • Certified Kubernetes Security Specialist (CKS)

  • CISSP, GIAC GSEC, or Certified DevSecOps Professional

  • Experience with Wiz or similar cloud-native application protection platforms.

  • Experience with JFrog platform for artifact management and software composition analysis.

  • Experience with policy-as-code frameworks (OPA, Kyverno, Sentinel).

  • Knowledge of supply chain security (SLSA framework, SBOM generation).

  • Experience with monitoring and logging tools (Prometheus, Grafana, Datadog).

  • Understanding of microservices architecture, service mesh, and API security.

  • Familiarity with runtime security.

  • Experience with incident response, SIEM platforms, or SOC processes.

  • Background in secure SDLC methodologies and threat modeling frameworks.

Get to know Syneos Health

Over the past 5 years, we have worked with 94% of all Novel FDA Approved Drugs, 95% of EMA Authorized Products and over 200 Studies across 73,000 Sites and 675,000+ Trial patients.

No matter what your role is, you'll take the initiative and challenge the status quo with us in a highly competitive and ever-changing environment. Learn more about Syneos Health.

Additional Information

Tasks, duties, and responsibilities as listed in this job description are not exhaustive. The Company, at its sole discretion and with no prior notice, may assign other tasks, duties, and job responsibilities. Equivalent experience, skills, and/or education will also be considered so qualifications of incumbents may differ from those listed in the Job Description. The Company, at its sole discretion, will determine what constitutes as equivalent to the qualifications described above. Further, nothing contained herein should be construed to create an employment contract. Occasionally, required skills/experiences for jobs are expressed in brief terms. Any language contained herein is intended to fully comply with all obligations imposed by the legislation of each country in which it operates, including the implementation of the EU Equality Directive, in relation to the recruitment and employment of its employees. The Company is committed to compliance with the Americans with Disabilities Act, including the provision of reasonable accommodations, when appropriate, to assist employees or applicants to perform the essential functions of the job.

About Company

INC Research/inVentiv Health has become Syneos Health, the only fully integrated end-to-end clinical and commercial solution organization. We are purpose-built for biopharmaceutical acceleration, creating better, smarter, faster ways to help clients navigate an increasingly complex marketplace. Our new business addresses today's market realities through clinical and commercial sharing expertise and data and insights to meet the needs of emerging and large global biopharmaceutical companies.

Job ID: 138147733