Senior DevSecOps Engineer

Who are we?

Checkmarx is the leader in application security and ensures that enterprises worldwide can secure their application development from code to cloud. Our consolidated platform and services address the needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it’s not just about finding risk, but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders. 

We are honored to serve more than 1,800 customers, which includes 40 percent of all Fortune 100 companies including Siemens, Airbus, Salesforce, Stellantis, Adidas, Walmart and Sanofi.

Description

Checkmarx is seeking a talented Senior DevSecOps Engineer to join our growing Checkmarx One™ Platform Engineering DevOps group. Checkmarx One™ is our flagship unified Application Security Platform, developed with the most cutting-edge cloud native technologies, and deployed in multi-cloud and on-premises environments.

 Responsibilities

• Design, implement, and automate secure, scalable infrastructure for Checkmarx One™ environments, ensuring scale, high availability and compliance with FedRAMP requirements.
• Develop and maintain CI/CD pipelines with a focus on secure software supply chain practices (e.g., SBOMs, signing, verification).
• Harden Kubernetes-based deployments by building and enforcing security controls using Kubernetes Operator Framework, Network Policies, and Pod Security Standards.
• Integrate and manage observability and security monitoring tools, such as Fluent Bit, ELK, Grafana, Prometheus, and cloud-native security tooling (e.g., AWS GuardDuty, Inspector).
• Collaborate with application security, product engineering, and compliance teams to define and enforce DevSecOps best practices.
• Conduct threat modeling and risk assessments of infrastructure changes and implement remediation strategies as needed.
• Lead the adoption of secure-by-default templates infrastructure-as-code (AWS CDK, Terraform, etc.) reusable automation.
• Assist in evidence collection and environment preparation for FedRAMP audits and continuous monitoring.

• 5+ years of experience as a DevOps, Site Reliability, or Platform Engineer with a strong focus on security (DevSecOps).
• In-depth experience securing production environments on AWS (or other major clouds) using least privilege, identity federation, VPC security, etc.
• Proven expertise with Kubernetes and the Operator Framework, including workload security hardening, admission controllers, and custom operators.
• Strong knowledge of CI/CD and infrastructure-as-code tools such as Jenkins, GitHub Actions, CircleCI, AWS CDK, or Terraform.
• Experience building and managing secure containerized environments using Docker, Helm, and Argo CD.
• Proficiency in at least one programming or scripting language (Python, Bash, or Go) with emphasis on automation and secure coding.
• Familiarity with compliance frameworks such as FedRAMP, SOC 2, or ISO 27001, and how they apply to cloud-native architectures.
• Experience integrating security observability and logging systems (e.g., Fluent Bit, ELK, Prometheus, AWS CloudTrail).
• Strong analytical and problem-solving skills with a security-first mindset.