Expert DevSecOps Engineer

Join a great place to work with MissionSquare, a financial services corporation with approximately $79 billion in assets under management and administration and over 600 employees. Founded in 1972, MissionSquare is dedicated to the retirement needs of public sector employees. We focus on delivering results-oriented retirement and retiree health savings plans, education, investment options, personalized guidance, and related services to public sector participants in more than 9,200 plans and nearly 2 million participant accounts. We strive to make the administration of retirement programs as easy and cost-effective as possible. We have an extraordinary talent base and invite you to consider joining MissionSquare.

The DevSecOps Engineer (Application Security) is a highly technical role responsible for advancing and embedding application security across the software development lifecycle. Candidates must have strong expertise in application security, secure coding practices, DevSecOps methodologies, and software development processes, with foundational knowledge of infrastructure and operating systems. This role focuses on integrating robust security controls into CI/CD pipelines, driving automation of AppSec tooling, and ensuring adherence to secure development principles. DevSecOps Engineers collaborate closely with developers, architects, cybersecurity teams, and system engineers to deliver secure, resilient applications. They demonstrate strong analytical abilities, adaptability, and the capacity to respond quickly to evolving requirements while maintaining exceptional communication and cross‑team partnership. With a security‑first mindset, DevSecOps Engineers continuously assess application threats, reduce enterprise risk, and support secure integration and deployment practices across multidisciplinary teams.

***MissionSquare cannot sponsor or hire candidates with H1B, STEM or OPT visas for this role.***

Essential Functions (With Percentage Allocation)

• 20% – Build relationships with developers, stakeholders, and scrum masters to incorporate security principles into engineering design and application deployments.
• 15% – Perform security testing and validation of application security controls across projects, ensuring secure design and implementation.
• 15% – Oversee the implementation of defensive security practices and countermeasures across applications and supporting infrastructure.
• 10% – Uphold CI/CD security strategy and practices in partnership with other technical team leads, ensuring security is consistently embedded in pipelines.
• 20% – Demonstrated experience with SAST, SCA, DAST, and IaC scanning tools and methodologies.
• 10% – Identify vulnerabilities in code through automated and manual assessments and promote efficient remediation.
• 10% – Apply threat modeling principles to improve design and development practices.
• Serve as a point of contact for security‑based escalations and remain closely involved in resolution activities.
• Build services and tools that enable developers and engineers to easily adopt and use security components produced by the application security team.
• Simplify and enhance automation that applies security controls within CI/CD pipelines.
• Support shift‑left initiatives by incorporating security early and throughout the development lifecycle.
• Leverage foundational cloud security architecture knowledge (IAM, containers, baseline hardening).
• Performs other duties as assigned.

If you have the following skills, we encourage you to apply:

• Bachelor’s degree (BA/BS) in Finance, Accounting, Business, or a related field, or equivalent professional experience

• At least 7+ years’ experience in information technology, information security administration or security operations

• Experience with agile workflows, including Scrum and Kanban.

• Understanding of containers (e.g., Docker) and container orchestration (e.g., Docker Swarm, Kubernetes)

• Understanding of CloudFormation, Terraform, Ansible and Jenkins

• Proficient in securing Windows and *nix operating systems, endpoint applications, networking protocols and devices

• Proven experience with operations and security across Amazon Web Services (AWS) and Microsoft Azure     

• Proven experience with GitHub Actions

• Hands on experience with WIZ

• Hands on experience with application security testing (BURP)

• Ability to obtain and maintain technical team and business support influences a collaborative effort to reduce the attack surface while performing rapid, continuous implementation

• Capable of scripting in Python, Bash, Perl or PowerShell

• Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SLDC)

• Preferred Certifications: CISSP, GIAC (GCSA, GWAPT), AWS (SSA)

 To benefit your career and support your wellbeing, we offer:

• Competitive Total Rewards package, including base pay, incentive programs, benefits, and a 401(k) plan with matching contributions

• Flexible and hybrid work schedules to support work-life balance

• Tuition reimbursement to support continued education

• Professional and career development opportunities, including courses and certifications

• Comprehensive wellness programs promoting physical, mental, and emotional health

• Volunteerism initiatives to encourage community engagement

Click here to learn more about MissionSquare’s benefits.

Equal Employment Opportunity

As a company, MissionSquare is an Equal Opportunity Employer. We strive to create an environment that reflects the value and diversity of our employees and fosters respect among them. We believe that talent from diverse backgrounds will further enhance our ability, and mission, to serve those who serve their communities.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, or any other protected classifications under any applicable law.

This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.