DevSecOps Engineer

Position Summary

We are seeking a DevSecOps Engineer to support a large-scale application security program with deep engineering expertise in designing, implementing, and maintaining scalable security automation solutions. Focus will be on integrating static (SAST), dynamic (DAST), and software composition analysis (SCA) tools into CI/CD pipelines to enable secure development practices across diverse software environments. The role involves close collaboration with development, security, and DevOps teams to embed security controls within the software development lifecycle, leveraging tools such as Checkmarx, Fortify, Burp Suite, OWASP ZAP, Snyk, and WhiteSource. Additional value add skills include scripting custom integrations via Python, Go, or Java, developing APIs to extend automation capabilities, and configuring security scanning in cloud-native and containerized environments (e.g., AWS, Azure, Kubernetes). Strong working knowledge of infrastructure as code (Terraform, Ansible), CI/CD platforms (Jenkins, GitHub Actions, GitLab CI), and secure coding practices is essential. The engineer will also provide actionable insights from tool results, support incident response, and mentor teams on secure development lifecycle (SDL) best practices across multiple business units.

Key Responsibilities

• • Design / build / implement and maintain scalable automation tools and pipelines for application security, including static (SAST), dynamic (DAST), and software composition analysis (SCA) scanning.
  • Collaborate with developers, security engineers, and DevOps teams to integrate security automation seamlessly into CI/CD workflows.
  • Identify opportunities for improving security tool coverage, efficiency, and performance.
  • Develop custom scripts, plugins, or APIs to extend the capabilities of security testing and remediation automation.
  • Monitor and analyze security automation tool results, generate actionable insights, and support incident response and remediation efforts.
  • Stay up to date on the latest security automation trends, technologies, and best practices, and advocate for continuous improvement in tooling and processes.
  • Provide mentorship and guidance to other engineers on secure coding and secure development lifecycle practices.

Required Qualifications

• • 8+ years of software engineering experience with a focus on security automation or application security.
  • Proficiency in Python, Ruby, Go, Java, or similar programming languages.
  • Strong understanding of application security principles, vulnerabilities (e.g., OWASP Top Ten), and remediation techniques.
  • Hands-on experience implementing and configuring security scanning tools such as SAST (e.g., Checkmarx, Fortify), DAST (e.g., Burp Suite, OWASP ZAP), and SCA (e.g., Snyk, WhiteSource).
  • Familiarity with CI/CD pipelines (e.g., Jenkins, GitHub Actions, GitLab CI) and infrastructure as code tools (e.g., Terraform, Ansible) is a plus.
  • Solid understanding of software development lifecycle (SDLC) processes and how to integrate security automation seamlessly.
  • Excellent problem-solving skills and ability to work independently and as part of a team.

Preferred Qualifications

• • Experience with cloud-native security automation (e.g., in AWS, Azure, or GCP environments).
  • Familiarity with container security (e.g., Docker, Kubernetes) and related security scanning solutions.
  • Knowledge of threat modeling and security risk assessments.