Senior InfoSec Engineer (SecDevOps) / New York
DigitalXNode · New York, United States · 3 wk ago
EngineeringFull-time
Key Responsibilities
- Design, implement, and maintain secure CI/CD pipelines that support rapid and secure software delivery.
- Integrate security controls throughout the Software Development Life Cycle (SDLC).
- Collaborate with development, infrastructure, and cloud engineering teams to embed security into development workflows.
- Implement security automation within build, deployment, and release processes.
- Promote secure coding practices and software security standards across engineering teams.
Security Assessment & Risk Management
- Conduct vulnerability assessments, risk analyses, and security reviews across applications, infrastructure, and cloud environments.
- Identify security weaknesses and recommend remediation strategies.
- Evaluate cybersecurity risks against established security frameworks, standards, and organizational policies.
- Perform threat modeling and security architecture reviews for new applications and infrastructure initiatives.
- Monitor risk exposure and provide recommendations aligned with business risk tolerance levels.
Cloud & Infrastructure Security
- Secure cloud environments across AWS, Azure, and hybrid infrastructures.
- Implement identity and access management (IAM), network security, encryption, and cloud governance controls.
- Review and enhance cloud security configurations and deployment architectures.
- Support container and Kubernetes security initiatives.
- Collaborate on security requirements for third-party vendors, integrations, and outsourced technology solutions.
Security Automation & Monitoring
- Automate security testing, compliance checks, and vulnerability scanning processes.
- Implement and maintain security monitoring and alerting solutions.
- Support incident detection, response, and remediation activities.
- Improve security operations through automation and workflow optimization.
- Develop security dashboards, reporting mechanisms, and compliance monitoring processes.
Compliance, Governance & Documentation
- Develop and maintain security policies, standards, procedures, and operational documentation.
- Support compliance initiatives related to industry standards and regulatory requirements.
- Document security findings, risk assessments, and remediation plans.
- Participate in internal and external security audits.
- Advocate for continuous security improvement across the organization.
Security Awareness & Leadership
- Provide security awareness training and guidance to engineering and business teams.
- Mentor developers and operations teams on secure development and deployment practices.
- Stay informed on emerging cybersecurity threats, vulnerabilities, and security technologies.
- Act as a security advisor for business initiatives and technology projects.
- Escalate critical security concerns and risks to leadership when necessary.