Jobs · Engineering

DevSecOps Engineer

TrueML · United States · 3 wk ago
RemoteRemoteEngineeringFull-time

What You'll Do

  • Security Automation & CI/CD Integration (Core Focus)
    • Embed security controls and scanners (SAST, SCA, DAST, IaC, Container Security) into CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI, Azure DevOps)
    • Design and maintain automated security workflows across build, test, and deploy stages
    • Implement security gates, policy enforcement, and compliance checks within pipelines
  • Cloud Security (AWS Focus)
    • Secure cloud-native architectures across AWS (IAM, VPC, ECS/EKS, Lambda, S3, API Gateway)
    • Integrate and operationalize CNAPP/CSPM tools (e.g., Wiz, Prisma Cloud)
    • Enforce least privilege access, secrets management, and runtime protections
  • Own Cloud Security
    • Define and maintain security policies for our AWS environment, specifically focusing on containerized workloads (EKS/ECS) and serverless architectures (Lambda)
  • Migrate Beyond Manual Checks
    • Automate Compliance: Build real-time monitoring and automated remediation for AWS resources, ensuring we stay "audit-ready" for frameworks like PCI and ISO 27001
  • Lead Threat Modeling
    • Perform deep-dive threat modeling exercises on applications and designs, turning theoretical risks into actionable engineering plans
  • Innovate with AI
    • Develop security standards for Generative AI and leverage AI-powered tools to explore our attack surface while defending against AI-driven threats
  • Guard the Infrastructure
    • Secure our Infrastructure as Code (IaC) templates (Terraform/CloudFormation) and manage cloud primitives like IAM, KMS, and WAF to ensure a "least privilege" environment

    Who You Are

    • An Experienced Defender
      • You bring 7-10 years in software engineering, DevOps, or cloud engineering
      • 3+ years in a DevSecOps focused role and a deep mastery of cloud security, vulnerability analysis, and incident response
    • A Cloud Specialist
      • You have demonstrable expertise in the AWS ecosystem and are highly proficient in securing Infrastructure as Code (Terraform) and containerized environments
    • Certified and Credentialed
      • You hold top-tier industry certifications (such as CISSP, SANS GIAC, or CASP) and have a firm grasp of compliance frameworks like PCI and ISO 27001
    • Technically Versatile
      • You are familiar with OWASP, proficient with modern security tooling, and have the ability to secure complex API integrations and data protection layers
    • AI-Aware
      • You understand the evolving landscape of AI regulations and have the technical curiosity to investigate how threat actors use AI to bypass traditional controls
    • Strategic Partner
      • You are a natural collaborator who can translate complex InfoSec projects into simple, maintainable tasks for Engineering teams
    • An Elite Communicator
      • You can propose strategic methodologies to tackle legacy security debt and convince stakeholders of the business value of security-first design

      Qualifications

      • Experience in software engineering, DevOps, or cloud engineering
      • 3+ years in a DevSecOps focused role
      • Deep mastery of cloud security, vulnerability analysis, and incident response
      • Demonstrable expertise in the AWS ecosystem
      • Firm grasp of compliance frameworks like PCI and ISO 27001
      • Top-tier industry certifications (such as CISSP, SANS GIAC, or CASP)
      • Familiarity with OWASP and proficiency with modern security tooling
      • Ability to secure complex API integrations and data protection layers
      • Technical curiosity about the evolving landscape of AI regulations
      • Natural collaboration skills
      • Ability to communicate strategic methodologies effectively

Similar jobs

DevSecOps Engineer

CACI International IncFairfax, VA· 4 days ago
Engineeringapply on searchcareers.caci.com

DevSecOps Engineer

BruckEdwards, IncReston, VA· 2 wk ago
Engineeringapply on recruiting.paylocity.com

DevSecOps Engineer

TowneUnited States· 1 wk ago
RemoteEngineeringapply on townepark.wd5.myworkdayjobs.com

DevSecOps Engineer

BlueHalo, an AV companyHuntsville, AL· 2 wk ago
Engineeringapply on bluehalo.rec.pro.ukg.net

DevSecOps Engineer

Auria SpaceColorado Springs, CO· 3 wk ago
Engineering$70k–$135k/yrapply on auria.space

DevSecOps Engineer

Computer World Services Corp. (CWS)Morrisville, NC· 3 wk ago
Engineeringapply on jobs.lever.co