DevOps Security Engineer
Skills
GitLab CI, TLS, DevSecOps, SCA, OWASP ZAP, CloudFormation, OWASP Top 10, CodeQL, SBOM, Snyk, Image Signing, Supply Chain Security, Burp Suite, SonarQube, Flux, Container Scanning, OPA, Checkov, Bash, Argo CD, Jenkins, GitHub Actions, GitOps, Terraform, Security, DevOps, AWS, CI/CD, Azure, GCP, Vulnerability Management, IAM, Python, mTLS, Go, Docker, Kubernetes, Semgrep, Secrets Management, Sysdig, Pulumi, SAST, DAST, Dependabot, Grype, Falco
About the Role
You will secure software from first line of code to production by reviewing releases, triaging vulnerabilities, and building automated pipeline and infrastructure controls. You will integrate and tune security tools into CI/CD, write automation and policy-as-code, audit IaC and cloud configurations, and harden container orchestration. You will enable engineers with self-service guardrails, run threat modeling for high-risk changes, and contribute runbooks and incident response practices.
Requirements
- 3–5+ years in a combined DevOps, Security Engineering, or DevSecOps role building and operating systems
- Hands-on CI/CD pipeline engineering experience with Jenkins, GitLab CI, or GitHub Actions
- Experience implementing and tuning SAST, DAST, and SCA tools in automated pipelines
- Proven ability to secure production workloads on AWS, Azure, or GCP including IAM and network segmentation
- Hands-on experience securing Docker and Kubernetes environments including image scanning and runtime security
- Proficiency with Infrastructure as Code (Terraform, CloudFormation, or Pulumi) and auditing IaC with policy-as-code
- Strong scripting and automation skills in Python, Go, or Bash
- Experience running or contributing to a vulnerability management program
- Strong understanding of OWASP Top 10, CWE/CVE ecosystems, secrets management, TLS/mTLS, and common web/API attack vectors
Responsibilities
- Conduct deep-dive vulnerability and security reviews of releases before production
- Own and enforce pre-shipment security gates in CI/CD with pass/fail criteria
- Triage and classify vulnerabilities from SAST, DAST, SCA, and container scans
- Maintain and improve a vulnerability management program with SLAs
- Build and improve automated security tooling integrated into CI/CD
- Develop and operate security-focused pipeline stages (static analysis, SCA, dynamic testing, IaC validation, container scanning)
- Build custom security automation and policy-as-code enforcement
- Audit infrastructure-as-code for misconfigurations and policy violations
- Define and enforce cloud security policies across AWS, Azure, or GCP
- Harden container orchestration: RBAC, network policies, pod security, runtime threat detection
- Ensure logging, monitoring, and alerting support incident detection and forensics
- Provide developers with self-service tooling, documentation, and fast feedback
- Build internal security guardrails such as pre-commit hooks, IDE integrations, and hardened CI templates
- Run targeted threat modeling sessions for high-risk features
- Contribute to security standards, runbooks, and incident response playbooks
