Jobs · Engineering

DevSecOps Engineer

Towne · United States · 1 wk ago
RemoteRemoteEngineeringFull-time

Essential Functions

  • CI/CD & Release Engineering (Azure DevOps)
    • Design, build, and maintain CI/CD pipelines in Azure DevOps (YAML pipelines) for application and infrastructure deployments
    • Implement multi-stage release workflows with environment promotion (dev → staging → production), approval gates, and automated rollback
    • Own deployment reliability: zero-downtime deployment patterns (blue/green, canary), release cadence, and deployment metrics (lead time, change failure rate, MTTR)
    • Manage build agents, artifact feeds, and container registries (ACR)
  • Infrastructure as Code (20%)
    • Partner closely with engineering teams to integrate security into development workflows without reducing delivery velocity
    • Develop secure coding guidance, reusable security patterns, and self-service security capabilities
    • Support security champion programs and security awareness initiatives for technical teams
    • Author and maintain all cloud infrastructure as code using Terraform and/or Bicep — no click-ops in production
    • Build reusable IaC modules for common patterns (networking, app services, databases, key vaults)
    • Implement state management, drift detection, and plan/apply review workflows integrated into pipelines
    • Drive cost visibility and right-sizing through tagging standards and IaC-enforced resource policies
  • Policy as Code & Governance (30%)
    • Define and enforce guardrails using Azure Policy (built-in and custom definitions) across subscriptions and management groups
    • Implement policy-as-code workflows so governance changes go through version control and CI, not the portal
    • Enforce standards automatically: allowed regions and SKUs, mandatory encryption, network restrictions, required tags, diagnostic settings
    • Integrate compliance scanning into pipelines (e.g., Checkov, tfsec, PSRule) so non-compliant infrastructure fails before deployment
    • Maintain audit-ready documentation and technical control mappings across applicable regulatory frameworks
    • Maintain audit-ready evidence of control enforcement to support SOC 2 / PCI DSS compliance efforts
  • Security Operations & Remediation (25%)
    • Facilitate threat modeling exercises for applications, cloud services, APIs, and infrastructure platforms
    • Identify security design risks early in the software development lifecycle and recommend mitigation strategies
    • Design and implement secure network architectures including segmentation, private networking, web application firewalls (WAF), and cloud-native security controls
    • Monitor and remediate network exposure risks and cloud security misconfigurations
    • Support secure connectivity models including VPN, private endpoints, service meshes, and zero-trust networking architectures
    • Own vulnerability management end to end: scanning (SAST, dependency/SCA, container image, DAST), triage, severity-based remediation SLAs, and tracking to closure
    • Remediate infrastructure-level findings directly (misconfigurations, patching, network exposure, identity over-permissioning); route application-code findings to engineering teams with clear severity, context, and deadlines
    • Implement and tune Microsoft Defender for Cloud and security monitoring/alerting; lead initial response and containment for security incidents
    • Manage identity and access: Entra ID, RBAC least-privilege reviews, service principals/managed identities, PIM for elevated access
    • Harden the network layer: NSGs, private endpoints, WAF, segmentation between environments
  • Feature Delivery Enablement (10%)
    • Implement feature flag infrastructure (e.g., Azure App Configuration / LaunchDarkly) to decouple deployment from release
    • Support progressive rollouts, A/B exposure controls, and kill switches for safe feature launches
    • Partner with application engineers to make shipping fast and safe — your job is to remove friction, not add gates
    • Support feature flag platforms and progressive delivery capabilities to enable secure, controlled feature releases
    • Implement kill-switch and rollback mechanisms to reduce deployment risk.

    Qualifications

    • Education: B.S. or Major in Computer Science
    • Required: 5+ years in DevOps/SRE/Platform roles, with at least 2 years of hands-on security ownership (DevSecOps, AppSec, or CloudSec)
    • Preferred: AZ-400, AZ-500, or equivalent
    • Work Experience: 5+ years in DevOps/SRE/Platform roles, with at least 2 years of hands-on security ownership (DevSecOps, AppSec, or CloudSec)
    • Knowledge & Skills: Deep, demonstrable Azure experience: App Services / AKS / Functions, networking, Entra ID, Key Vault, Defender for Cloud
    • Expert with Azure DevOps: YAML pipelines, release management, branch policies, artifact management
    • Production experience with Terraform or Bicep (both a plus), including module design and state management
    • Proficiency in at least one scripting language (PowerShell, Python, or Bash)
    • Track record of remediating security findings yourself — not just filing tickets
    • Strong communication: able to explain risk in business terms and influence engineers without formal authority

Similar jobs

DevSecOps Engineer

CACI International IncFairfax, VA· 4 days ago
Engineeringapply on searchcareers.caci.com

DevSecOps Engineer

BruckEdwards, IncReston, VA· 2 wk ago
Engineeringapply on recruiting.paylocity.com

DevSecOps Engineer

BlueHalo, an AV companyHuntsville, AL· 2 wk ago
Engineeringapply on bluehalo.rec.pro.ukg.net

DevSecOps Engineer

Auria SpaceColorado Springs, CO· 3 wk ago
Engineering$70k–$135k/yrapply on auria.space

DevSecOps Engineer

Computer World Services Corp. (CWS)Morrisville, NC· 3 wk ago
Engineeringapply on jobs.lever.co

DevSecOps Engineer

Emprise CorporationChesapeake, VA· 2 wk ago
Engineeringapply on apply.appone.com