DevSecOps Engineer

Maxima

$100K — $130K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 4+ years in DevSecOps or related field focusing on CI/CD security
  • Bachelor's in Engineering or related discipline, Computer Science preferred
  • Experienced in securing cloud environments, especially Google Cloud Platform (GCP)
  • Strong background in hardening CI/CD systems like GitHub Actions
  • Knowledge of security practices for application development including SAST and DAST
  • Proficient in programming languages such as Golang, TypeScript, or Python
  • Familiar with compliance standards like SOC 2 and ISO 42001

Responsibilities

  • Implement and manage DevSecOps practices throughout the Software Development Lifecycle
  • Design and harden CI/CD pipelines with security-first principles
  • Integrate security checks to prioritize high-severity issues in build processes
  • Secure cloud infrastructure in GCP through least privilege and traffic restriction
  • Manage encryption and key rotation safely using Cloud KMS
  • Oversee container hardening and ensure supply chain integrity
  • Monitor CI/CD pipelines and production for compliance and anomalies

Benefits

  • Collaborative startup environment with a high-intensity pace
  • Opportunity to work with cutting-edge security practices and tools
  • Exposure to a variety of compliance frameworks and cloud technologies
  • Potential to influence security culture across the organization
  • Access to a diverse range of projects and responsibilities within a full-stack team
Full Job Description
Your Role at Maxima
  • Implement and manage DevSecOps practices across the entire Software Development Lifecycle (SDLC), ensuring a "shift-left" approach to security.
  • Comfortable with Kubernetes and other container orchestration platforms
  • Design and harden CI/CD pipelines (e.g., GitHub Actions) by implementing minimal permissions and leveraging OIDC with Workload Identity Federation for cloud deployments.
  • Integrate and enforce security checks, including SAST, dependency scanning, and secret scanning (e.g., using tools like Trufflehog or GitGuardian), to fail builds on high-severity issues.
  • Secure cloud infrastructure (GCP) by implementing the principle of least privilege for IAM, configuring VPC firewalls to restrict traffic, and using Google Secret Manager.
  • Manage encryption and key rotation using Cloud KMS, ensuring all secrets are handled securely and not stored in code or plaintext.
  • Oversee container and artifact hardening, including using multi-stage builds, scanning images for vulnerabilities, and signing artifacts (e.g., Cosign) for supply chain integrity.
  • Ensure application code follows secure coding best practices, including input validation, output encoding to prevent XSS, and secure authentication/session management via Descope integration.
  • Monitor CI/CD pipelines and production environments (using GCP and Datadog) for anomalies, security-relevant events, and audit logs to meet compliance requirements.
  • Maintain documentation and controls necessary to align with compliance frameworks, including SOC 2, SOC 1, and ISO 42001 for AI governance.
  • Assist in developer infrastructure work, including deployment automation and internal tooling, in a full-stack environment.


Your Qualifications
  • 4+ years of experience in DevSecOps, Security Engineering, or a related role focused on CI/CD pipeline security.
  • Bachelor's degree in any engineering discipline; Computer Science is preferred but not mandatory.
  • Proven experience securing cloud environments, preferably Google Cloud Platform (GCP), with familiarity in IAM, Secret Manager, VPC controls, and Cloud KMS.
  • Strong practical experience with hardening continuous integration/continuous deployment (CI/CD) systems (e.g., GitHub Actions, Blacksmith, or similar).
  • Proficiency in security practices for application development (SAST, DAST, secret scanning) and a deep understanding of common security anti-patterns (e.g., hard-coded secrets, insufficient input validation).
  • Proficient in languages like Golang, Typescripts, Python, or similar programming languages used for automation and development.
  • Familiarity with compliance standards like SOC 2, PCI DSS, or ISO 42001 and experience generating evidence for auditors.
  • Can handle the high intensity and fast pace of a startup environment.
  • Strong verbal and written communication skills.


Similar Jobs

More Jobs at Maxima

  • DevSecOps Engineer
    $100K — $130K *
    Toronto, ON M3C 0E3
    Information Technology
    In-Person
  • Account Executive
    $90K — $130K *
    Remote
    Finance & Insurance
    Remote in Los Angeles, CA
  • Software Engineer - Toronto
    $80K — $120K *
    Toronto, ON M3C 0E3
    Information Technology
    In-Person
  • Account Executive
    $90K — $130K *
    New York, NY 10025 (New York County)
    Finance & Insurance
    In-Person
  • Account Executive
    $90K — $130K *
    Los Angeles, CA 90011 (Los Angeles County)
    Finance & Insurance
    In-Person

More Information Technology Jobs

Find similar DevSecOps Engineer jobs: