DevSecOps Engineer

American Homes 4 Rent

$100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • High school diploma or GED required; Bachelor's degree in relevant field preferred.
  • Minimum five years of experience in IT Security and three years in DevOps Engineering.
  • Familiarity with tools like GitHub, Azure DevOps, Kubernetes, and Docker preferred.
  • Proficient in Dynamic and Static Application Security Testing (DAST & SAST).
  • Experience in security incident management, reporting, vulnerability management, and remediation.
  • Certifications such as CISSP, SecurityX (CASP+), or GCIH preferred.
  • Strong communication, planning, and problem-solving skills.

Responsibilities

  • Embed and enforce security throughout the Software Development Life Cycle by integrating automated controls into CI/CD pipelines.
  • Collaborate with engineering teams to design and maintain scalable security controls for cloud infrastructure.
  • Develop and improve processes for vulnerability management and risk assessment, conducting regular scans.
  • Act as primary responder for security incidents, performing triage and analysis of security breaches.
  • Identify and investigate security violations, providing recommendations for system improvements.

Benefits

  • Medical, dental, and vision insurance options.
  • Flexible spending accounts and health savings accounts.
  • 401(k) with company matching contributions and employee stock purchase plan.
  • Tuition reimbursement program for continued education.
  • Nine paid holidays per year and accrued paid time off (PTO) at a set rate.

Full Job Description
The DevSecOps Engineer is responsible for embedding, auditing, and enforcing security across the entire software development lifecycle within modern DevOps and cloud environments. This role focuses on integrating security controls into CI/CD pipelines, DevOps tooling, and software engineering workflows to support secure-by-design development and delivery. Partners closely with internal engineering teams to design, implement, and enforce security controls across cloud infrastructure, application platforms, and automation pipelines, ensuring software can be built and deployed securely at scale. Aligns security requirements with development practices to improve visibility and threat detection and ensures consistent security standards across DevOps and software engineering tools. Contributes to foundational security operations, which include vulnerability management and assisting with incident response efforts.

Responsibilities:
  • Embeds and enforces security throughout the Software Development Life Cycle (SDLC) by integrating automated controls (e.g., SAST, DAST, SCA, secrets detection, and IaC scanning) into CI/CD pipelines, DevOps tooling, and cloud-native workflows. Partners with development and platform teams to identify and remediate security vulnerabilities early in the development process while maintaining development speed and minimizing release delays.
  • Collaborates with engineering teams to design, implement, and maintain scalable security controls across cloud infrastructure and application environments, to ensure consistent enforcement of company standards and compliance requirements. Drives comprehensive visibility and threat detection through centralized logging, monitoring, and alerting integrations to enable proactive identification of misconfigurations, anomalous behavior, and emerging threats across the production landscape.
  • Develops and continually improves processes supporting the IT Security Framework to include vulnerability management, risk management, and remediation tracking. Conducts regular vulnerability scans across on-premises and cloud environments while prioritizing risks based on severity, exploitability, and business impact. Coordinates remediation with internal teams and external vendors to ensure timely closure and measurable risk reduction.
  • Serves as a primary responder for security incidents by triaging alerts, containing threats, performing root cause analysis, and producing detailed incident reports documenting findings, response actions, and lessons learned. Identifies and investigates actual or suspected security violations, conducts thorough follow-up analysis and provides recommendations to prevent recurrence and strengthen the company's overall security posture.


Requirements:
  • High school diploma or GED required
  • Bachelor's degree in Computer Science, Information Technology, Information Security, and/or a related field or an equivalent combination of education and experience preferred
  • Minimum five (5) years of experience in IT Security
  • Minimum three (3) years of experience in DevOps Engineering
  • Experience with GitHub and Azure DevOps preferred
  • Experience with Kubernetes and Docker preferred
  • Experience with Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) tools
  • Experience in security incident management and reporting
  • Experience with vulnerability management and remediation
  • CISSP, SecurityX (CASP+), or GCIH preferred
  • Excellent verbal and written communication, planning, analysis and organizing skills
  • Strong troubleshooting and problem-solving skills


Compensation
The anticipated pay range/scale for this position is commensurate with experience. Actual starting base pay within this range will depend on factors including geographic location, education, training, skills, and relevant experience.

Additional Compensation
This position is eligible to receive a discretionary annual bonus.

Perks and Benefits

Employees have the opportunity to participate in medical, dental and vision insurance; flexible spending accounts and/or health savings accounts; dependent savings accounts; 401(k) with company matching contributions; employee stock purchase plan; and a tuition reimbursement program. The Company provides 9 paid holidays per year, and, upon hire, new employees will accrue paid time off (PTO) at a rate of 0.0577 hours of PTO per hour worked, up to a maximum of 120 hours per year.
