Senior Development Security Operations Engineer
American Tower · Cary, NC · 2 wk ago
HybridEngineeringFull-time
Responsibilities
- Design, implement, and optimize secure Continuous Integration / Continuous Delivery (CI/CD) pipelines, embedding automated security controls such as: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Secrets scanning, Infrastructure as Code (IaC) scanning, and Container image scanning.
- Implement and enforce policy-as-code frameworks, ensuring that security requirements are version-controlled, machine-readable, and automatically enforced across build, deployment, and runtime environments.
- Lead the implementation of code repository security controls (e.g., Bitbucket, GitHub, GitLab, Azure DevOps), including branch protections, access controls, commit integrity checks, and prevention of unauthorized or insecure code changes.
- Develop and maintain security guardrails for developer platforms, ensuring secure configurations for pipelines, repositories, and development environments.
- Integrate security controls into cloud-native environments, including container platforms (e.g., Kubernetes) and infrastructure-as-code provisioning tools such as Terraform, Azure Resource Manager (ARM), and AWS CloudFormation.
- Implement secrets management solutions, ensuring secure storage, rotation, and usage of credentials, Application Programming Interface (API) keys, and tokens across applications and pipelines.
- Automate enforcement of secure development standards by embedding security checks directly into engineering workflows and deployment processes.
- Partner with Application Security to translate requirements into technical controls and ensure consistent enforcement across all application environments.
- Build and maintain monitoring, logging, and alerting capabilities for pipeline and application security events to enable rapid detection and response.
- Drive continuous improvement of DevSecOps capabilities, including automation, standardization, and performance optimization of security tooling.
- Provide technical leadership and mentorship to engineers on DevSecOps practices, automation, and secure platform engineering.
Qualifications
- 7+ years of experience in DevSecOps, security engineering, or platform engineering, with strong hands-on experience implementing CI/CD and automation solutions.
- Strong hands-on experience with code repository platforms (e.g., GitHub, GitLab, Azure DevOps), including implementation of advanced security controls and governance.
- Deep experience with cloud-native technologies, including containers (Docker), orchestration platforms (Kubernetes), and infrastructure-as-code tools such as Terraform, Azure Resource Manager (ARM), and AWS CloudFormation.
- Strong understanding of software supply chain security risks and controls, including dependency management and Software Bill of Materials (SBOM) practices.
- Experience implementing policy-as-code frameworks using tools such as Azure Policy, AWS Config, Open Policy Agent (OPA), or similar technologies.
- Proficiency in scripting and automation (e.g., Python, PowerShell, Bash) and DevOps tooling (e.g., Jenkins, GitHub Actions, Azure Pipelines).
- Strong understanding of the Secure Development Lifecycle (SDLC) and the ability to operationalize controls within engineering environments.
- Ability to collaborate effectively with Application, Cybersecurity, and business teams to implement scalable security solutions.
- Strong written and oral communication skills, including the ability to present ideas and suggestions clearly and effectively.
- Ability to work with different functional groups and levels of employees to effectively and professionally achieve results.
- Strong organizational skills; ability to accomplish multiple tasks within the agreed upon timeframes through effective prioritization of duties and functions in a fast-paced environment.