DevSecOps Engineer
TrueML · United States · 3 wk ago
RemoteRemoteEngineeringFull-time
What You'll Do
- Security Automation & CI/CD Integration (Core Focus)
- Embed security controls and scanners (SAST, SCA, DAST, IaC, Container Security) into CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI, Azure DevOps)
- Design and maintain automated security workflows across build, test, and deploy stages
- Implement security gates, policy enforcement, and compliance checks within pipelines
- Cloud Security (AWS Focus)
- Secure cloud-native architectures across AWS (IAM, VPC, ECS/EKS, Lambda, S3, API Gateway)
- Integrate and operationalize CNAPP/CSPM tools (e.g., Wiz, Prisma Cloud)
- Enforce least privilege access, secrets management, and runtime protections
- Own Cloud Security
- Define and maintain security policies for our AWS environment, specifically focusing on containerized workloads (EKS/ECS) and serverless architectures (Lambda)
- Migrate Beyond Manual Checks
- Automate Compliance: Build real-time monitoring and automated remediation for AWS resources, ensuring we stay "audit-ready" for frameworks like PCI and ISO 27001
- Lead Threat Modeling
- Perform deep-dive threat modeling exercises on applications and designs, turning theoretical risks into actionable engineering plans
- Innovate with AI
- Develop security standards for Generative AI and leverage AI-powered tools to explore our attack surface while defending against AI-driven threats
- Guard the Infrastructure
- Secure our Infrastructure as Code (IaC) templates (Terraform/CloudFormation) and manage cloud primitives like IAM, KMS, and WAF to ensure a "least privilege" environment
- An Experienced Defender
- You bring 7-10 years in software engineering, DevOps, or cloud engineering
- 3+ years in a DevSecOps focused role and a deep mastery of cloud security, vulnerability analysis, and incident response
- A Cloud Specialist
- You have demonstrable expertise in the AWS ecosystem and are highly proficient in securing Infrastructure as Code (Terraform) and containerized environments
- Certified and Credentialed
- You hold top-tier industry certifications (such as CISSP, SANS GIAC, or CASP) and have a firm grasp of compliance frameworks like PCI and ISO 27001
- Technically Versatile
- You are familiar with OWASP, proficient with modern security tooling, and have the ability to secure complex API integrations and data protection layers
- AI-Aware
- You understand the evolving landscape of AI regulations and have the technical curiosity to investigate how threat actors use AI to bypass traditional controls
- Strategic Partner
- You are a natural collaborator who can translate complex InfoSec projects into simple, maintainable tasks for Engineering teams
- An Elite Communicator
- You can propose strategic methodologies to tackle legacy security debt and convince stakeholders of the business value of security-first design
- Experience in software engineering, DevOps, or cloud engineering
- 3+ years in a DevSecOps focused role
- Deep mastery of cloud security, vulnerability analysis, and incident response
- Demonstrable expertise in the AWS ecosystem
- Firm grasp of compliance frameworks like PCI and ISO 27001
- Top-tier industry certifications (such as CISSP, SANS GIAC, or CASP)
- Familiarity with OWASP and proficiency with modern security tooling
- Ability to secure complex API integrations and data protection layers
- Technical curiosity about the evolving landscape of AI regulations
- Natural collaboration skills
- Ability to communicate strategic methodologies effectively