DevSecOps Engineer

DevSecOps Engineer

Fully remote (working EST)

Salary: $128-170k




The DevSecOps Engineer (Application Security) is a highly technical role responsible for embedding security into every stage of the software development lifecycle. This individual will focus on advancing application security practices, integrating security controls into CI/CD pipelines, and automating security tooling to strengthen secure development practices.




The role requires strong expertise in application security, secure coding practices, and DevSecOps methodologies, along with a solid understanding of software development processes and foundational knowledge of infrastructure and operating systems.

Key Responsibilities

• Build strong relationships with developers, product stakeholders, and agile teams to integrate security into application design and delivery (20%)
• Perform security testing and validation of application security controls across multiple initiatives (15%)
• Implement and enhance defensive security practices across applications and supporting infrastructure (15%)
• Support and enforce CI/CD security strategies in collaboration with engineering and platform teams (10%)
• Apply expertise in SAST, SCA, DAST, and Infrastructure-as-Code (IaC) scanning tools and methodologies (20%)
• Identify vulnerabilities through automated scanning and manual code review; drive remediation efforts (10%)
• Apply threat modeling techniques to strengthen application design and reduce risk (10%)
• Act as an escalation point for application security issues and support resolution efforts
• Develop and improve tools and services that enable developers to adopt security best practices efficiently
• Automate and streamline security controls within CI/CD pipelines
• Support “shift-left” security initiatives by embedding security early in the SDLC
• Apply foundational cloud security knowledge, including IAM, container security, and baseline hardening practices
• Perform other duties as assigned

Required Qualifications

• Bachelor’s degree (BA/BS) in Finance, Accounting, Business, Computer Science, or a related field, or equivalent professional experience
• 7+ years of experience in information technology, information security administration, or security operations
• Experience working in Agile environments, including Scrum and Kanban methodologies
• Strong understanding of container technologies (e.g., Docker) and container orchestration platforms (e.g., Kubernetes, Docker Swarm)
• Experience with infrastructure automation and configuration tools such as CloudFormation, Terraform, Ansible, and Jenkins
• Proficiency in securing Windows and Unix/Linux operating systems, endpoint applications, network protocols, and related infrastructure components
• Scripting experience in one or more of the following: Python, Bash, Perl, or PowerShell
• Solid understanding of application security principles and frameworks, including OWASP Top 10, CVSS scoring, MITRE ATT&CK, and the software development lifecycle (SDLC)

Preferred Certifications

• CISSP
• GIAC certifications (e.g., GCSA, GWAPT)
• AWS Security Specialty or related certifications

...