Jobs · Engineering

Senior DevSecOps Engineer

Ceres USA · United States · 4 days ago
RemoteRemoteEngineeringFull-time

About the role

We are looking for a Senior DevSecOps Engineer to join the Information Security team and work closely with the Office of the CISO to help secure a modern, cloud-based insurance platform supporting annuity products and financial operations.

Responsibilities

  • Secure Cloud and Engineering Environments

  • Design, implement, and improve security controls across cloud infrastructure, application environments, developer workflows, and engineering platforms

  • Review cloud architecture, infrastructure as code, APIs, integrations, and application design for security risks

  • Help identify, prioritize, and remediate cloud misconfigurations, infrastructure weaknesses, and security findings

  • Support secure configuration of cloud services, identity and access controls, network security controls, and service-level security settings

  • Maintain documentation of cloud and engineering security decisions, control patterns, remediation actions, and operational procedures

  • Implement and improve security controls across code repositories, CI/CD pipelines, and software delivery workflows

  • Support branch protection, repository permissions, secrets scanning, code scanning, dependency review, and secure development practices

  • Partner with engineering teams to embed security into the development lifecycle without unnecessarily slowing delivery

  • Coordinate remediation of vulnerabilities identified through cloud security platforms, code scanning, penetration testing, application security reviews, infrastructure-as-code review, and audit findings

  • Help define repeatable secure development, deployment, and remediation patterns

  • Support application, API, and software supply chain security

  • Review applications, APIs, integrations, and platform designs for security risks and practical remediation options

  • Help improve software supply chain security, dependency management, secrets handling, and secure deployment workflows

  • Provide practical guidance to engineers on secure coding, secure cloud usage, access control, logging, monitoring, and remediation priorities

  • Collaborate with engineering and platform teams to ensure security findings are understood, prioritized, and resolved

  • Strengthen Security Governance and Audit Readiness

  • Help prepare the organization for Internal Audit, external audits, regulatory reviews, and control assessments

  • Support security control implementation and evidence gathering for frameworks and expectations such as SOC 2, ISO 27001, NAIC, and other relevant standards

  • Ensure security work is documented, repeatable, reviewable, and aligned with control requirements

  • Follow change management processes and support appropriate review and approval of security configuration changes

  • Partner with the Office of the CISO to prioritize cloud, application, and SDLC security improvements and reduce operational risk

  • Provide practical cloud and SDLC security architecture input

  • Identify security design gaps and recommend practical, implementable improvements

  • Define secure patterns for cloud services, infrastructure as code, source control, CI/CD, secrets management, and application delivery

  • Advises on secure use of emerging technologies and AI-enabled development or automation tools where relevant

Qualifications

  • 7+ years of experience in cybersecurity engineering, DevSecOps, cloud security, software engineering, infrastructure engineering, or a related field

  • Strong hands-on experience securing cloud environments, preferably AWS

  • Experience with infrastructure as code, especially Terraform or similar tools

  • Familiarity with secure SDLC practices, application security, API security, vulnerability remediation, and software supply chain security

  • Experience coordinating remediation of security findings with engineering teams

  • Strong understanding of cloud IAM, network security controls, secrets management, logging, monitoring, and secure configuration

  • Experience working in regulated environments or environments with formal audit, compliance, or control requirements

  • Self-motivated learner who proactively researches emerging technologies, security trends, and evolving threats without waiting for direction

  • Ability to learn a new platform and quickly become proficient

  • Strong written and verbal communication skills, including the ability to document technical decisions and explain security concepts clearly to engineering and business stakeholders

Nice-to-Have Qualifications

  • Experience supporting financial services, insurance, annuity, fintech, or other regulated environments

  • Experience with cloud security posture management, cloud vulnerability management, or infrastructure security tooling

  • Experience with GitHub security controls, GitHub Advanced Security, code scanning, secret scanning, dependency review, or similar capabilities

  • Experience with penetration test remediation, application security review, threat modeling, or secure architecture review

  • Familiarity with frameworks and requirements such as SOC 2, ISO 27001, NAIC, NIST, or similar control frameworks

  • Experience with developer security enablement, security champions, engineering training, or secure SDLC rollout

  • Certifications such as CISSP, cloud security certifications, AWS security certifications, or other relevant security or engineering certifications

Similar jobs

Senior DevSecOps Engineer

eSimplicityWashington DC-Baltimore Area· 4 days ago
RemoteEngineeringapply on recruiting.paylocity.com

Senior DevSecOps Engineer

Modern Technology Solutions, Inc. (MTSI)Alexandria, VA· 2 days ago
Engineering$160k–$210k/yrapply on mtsi-va.eightfold.ai