We are seeking an experienced DevSecOps Engineer with a strong background in ecommerce environments to help design, implement, and maintain secure, scalable, and highly available CI/CD pipelines and cloud infrastructure. This role will work closely with development, security, and operations teams to embed security throughout the software development lifecycle while supporting high-traffic, revenue-generating platforms.
The ideal candidate understands the unique challenges of ecommerce systems, including payment security, high availability, rapid release cycles, and regulatory compliance.
Key Responsibilities- Design, implement, and maintain secure CI/CD pipelines for ecommerce applications.
- Embed security controls and automated testing (SAST, DAST, SCA, IaC scanning) into the SDLC.
- Support cloud-based ecommerce platforms with a focus on scalability, availability, and performance.
- Implement and manage infrastructure as code (IaC) using tools such as Terraform, CloudFormation, or ARM.
- Collaborate with development teams to securely deploy and maintain ecommerce applications and APIs.
- Ensure secure handling of payment systems, customer data, and integrations with third-party vendors.
- Monitor, detect, and respond to security events within production and non-production environments.
- Implement and maintain secrets management, certificate management, and key rotation.
- Support compliance efforts related to PCI DSS, SOC 2, ISO 27001, or similar frameworks.
- Perform threat modeling and risk assessments for new ecommerce features and integrations.
- Improve system reliability through automation, monitoring, and incident response practices.
- Participate in on-call rotations and support production releases as needed.
Requirements
- 5+ years of experience in DevOps or DevSecOps roles.
- Hands-on experience supporting ecommerce platforms, including Swell, Shopify, Magento, BigCommerce, or custom ecommerce solutions.
- Integrate and manage Cloudflare services (WAF, CDN, DDoS protection, Zero Trust access, bot management) to protect and optimize ecommerce applications
- Strong experience with CI/CD tools (GitHub Actions, GitLab CI, Jenkins, Azure DevOps, etc.).
- Experience securing cloud environments (AWS, Azure, and/or GCP).
- Solid understanding of web application security and OWASP Top 10.
- Experience with containerization and orchestration (Docker, Kubernetes).
- Familiarity with SAST, DAST, and dependency scanning tools (e.g., Snyk, Checkmarx, Veracode).
- Strong scripting skills (Bash, Python, or similar).
- Experience with monitoring and logging tools (Prometheus, Grafana, ELK/Elastic, Datadog).
- Understanding of PCI DSS requirements and secure payment processing workflows.
Top Skills
What We Do
Maverc brings proven operational excellence, flexibility and customer-focused innovation together to drive progressive outcomes at the pace of business.
Cybersecurity capabilities that span risk management and transformation, threat management, security operations, and integration and innovation, aiding organizations in fulfillment of stronger and more robust cybersecurity programs that support business necessities and outcomes. At Maverc, we are transforming cybersecurity to enable clients to modernize their consumption models, maximize value, achieve quantifiable results, and achieve complete solutions and business alignment.
