DevSecOps Specialist
About the role
The DevSecOps Specialist is responsible for implementing and operating enterprise secrets scanning solutions, integrating secrets detection into CI/CD pipelines and PR workflows, configuring detection rules, patterns, and policy thresholds, identifying, triaging, and prioritizing exposed secrets, driving remediation with engineering teams, building automation for secrets detection, alerting, and response workflows, ensuring reliable and scalable execution of scanning across pipelines, maintaining monitoring, alerting, and operational health of secrets platforms, troubleshooting pipeline/tooling issues and performing root cause analysis, partnering with IAM, pipeline, and AppSec teams for credential lifecycle governance, improving developer experience by minimizing friction and providing clear remediation guidance, and contributing to continuous improvement and automation of AppSec/security processes.
Responsibilities
- Implement and operate enterprise secrets scanning solutions (e.g., GHAS, Wiz)
- Integrate secrets detection into CI/CD pipelines and PR workflows
- Configure detection rules, patterns, and policy thresholds to reduce noise
- Identify, triage, and prioritize exposed secrets across repositories and platforms
- Drive remediation with engineering teams (revoke, rotate, remove exposed secrets)
- Build automation for secrets detection, alerting, and response workflows
- Ensure reliable and scalable execution of scanning across pipelines
- Maintain monitoring, alerting, and operational health of secrets platforms
- Troubleshoot pipeline/tooling issues and perform root cause analysis
- Partner with IAM, pipeline, and AppSec teams for credential lifecycle governance
- Improve developer experience by minimizing friction and providing clear remediation guidance
- Contribute to continuous improvement and automation of AppSec/security processes
Qualifications
- Minimum four years related work experience. Experience in IT security or application development preferred.
- Undergraduate degree in related field or equivalent combination of training and experience.
- PREFERRED: Security certifications such as ISC2 CISSP, GIAC Security, Essentials Certification (GSEC), GIAC Penetration Tester Certification (GPEN), GIAC Web App Pen Tester (GWPN), or Certified Ethical Hacker (CEH).