Towne Park

DevSecOps Engineer

Towne Park
$100K — $130K *
US-Anywhere
Remote in United States
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • B.S. in Computer Science or equivalent major.
  • Preferred certifications: AZ-400, AZ-500, or similar.
  • 5+ years in DevOps/SRE/Platform roles, with 2+ years in security ownership.
  • Strong proficiency in Azure DevOps and YAML pipelines management.
  • Production experience with Terraform and/or Bicep, including module design.

Responsibilities

  • Design and maintain Azure CI/CD pipelines for application and infrastructure deployments.
  • Integrate security into development workflows with minimal impact on delivery speed.
  • Define and enforce security guardrails using Azure Policy across environments.
  • Facilitate threat modeling and identify security risks in the development lifecycle.
  • Manage vulnerability assessments and remediations across cloud infrastructure.

Benefits

  • Flexible work schedule with remote work options.
  • Opportunities for professional development and certifications.
  • Collaborative team environment fostering innovation and improvement.
  • Access to advanced security tools and technologies.
  • Health and wellness programs to support employee well-being.

Full Job Description

The DevSecOps Engineer will own how software ships and how our cloud infrastructure stays secure — from pipeline to production. This is a hands-on, end-to-end ownership role. The engineer will design and operate our Azure CI/CD pipelines, codify our infrastructure and security policies, and drive remediation of security findings across the environment, working directly with application engineers and leadership.

ESSENTIAL FUNCTIONS

1. CI/CD & Release Engineering (Azure DevOps) (20%)

  • Design, build, and maintain CI/CD pipelines in Azure DevOps (YAML pipelines) for application and infrastructure deployments
  • Implement multi-stage release workflows with environment promotion (dev → staging → production), approval gates, and automated rollback
  • Establish branch policies, PR validation builds, and quality gates (test coverage, build health)
  • Own deployment reliability: zero-downtime deployment patterns (blue/green, canary), release cadence, and deployment metrics (lead time, change failure rate, MTTR)
  • Manage build agents, artifact feeds, and container registries (ACR)

2. Infrastructure as Code (20%)

  • Partner closely with engineering teams to integrate security into development workflows without reducing delivery velocity.
  • Develop secure coding guidance, reusable security patterns, and self-service security capabilities.
  • Support security champion programs and security awareness initiatives for technical teams.
  • Author and maintain all cloud infrastructure as code using Terraform and/or Bicep; no click-ops in production
  • Build reusable IaC modules for common patterns (networking, app services, databases, key vaults)
  • Implement state management, drift detection, and plan/apply review workflows integrated into pipelines
  • Manage environment parity and configuration across dev, staging, and production
  • Drive cost visibility and right-sizing through tagging standards and IaC-enforced resource policies

3. Policy as Code & Governance (25%)

  • Define and enforce guardrails using Azure Policy (built-in and custom definitions) across subscriptions and management groups
  • Implement policy-as-code workflows so governance changes go through version control and CI, not the portal
  • Enforce standards automatically: allowed regions and SKUs, mandatory encryption, network restrictions, required tags, diagnostic settings
  • Integrate compliance scanning into pipelines (e.g., Checkov, tfsec, PSRule) so non-compliant infrastructure fails before deployment
  • Automate collection and reporting of security control evidence to support compliance and audit requirements.
  • Maintain audit-ready documentation and technical control mappings across applicable regulatory frameworks.
  • Maintain audit-ready evidence of control enforcement to support SOC 2 / PCI DSS compliance efforts

4. Security Operations & Remediation (25%)

  • Facilitate threat modeling exercises for applications, cloud services, APIs, and infrastructure platforms.
  • Identify security design risks early in the software development lifecycle and recommend mitigation strategies.
  • Design and implement secure network architectures including segmentation, private networking, web application firewalls (WAF), and cloud-native security controls.
  • Monitor and remediate network exposure risks and cloud security misconfigurations.
  • Support secure connectivity models including VPN, private endpoints, service meshes, and zero-trust networking architectures.
  • Own vulnerability management end to end: scanning (SAST, dependency/SCA, container image, DAST), triage, severity-based remediation SLAs, and tracking to closure
  • Remediate infrastructure-level findings directly (misconfigurations, patching, network exposure, identity over-permissioning); route application-code findings to engineering teams with clear severity, context, and deadlines
  • Administer secrets management (Azure Key Vault): no secrets in code, pipelines, or configuration files
  • Implement and tune Microsoft Defender for Cloud and security monitoring/alerting; lead initial response and containment for security incidents
  • Manage identity and access: Entra ID, RBAC least-privilege reviews, service principals/managed identities, PIM for elevated access
  • Harden the network layer: NSGs, private endpoints, WAF, segmentation between environments

5. Feature Delivery Enablement (10%)

  • Implement feature flag infrastructure (e.g., Azure App Configuration / LaunchDarkly) to decouple deployment from release
  • Support progressive rollouts, A/B exposure controls, and kill switches for safe feature launches
  • Partner with application engineers to make shipping fast and safe; your job is to remove friction, not add gates
  • Support feature flag platforms and progressive delivery capabilities to enable secure, controlled feature releases.
  • Implement kill-switch and rollback mechanisms to reduce deployment risk.

QUALIFICATIONS

Education: B.S. or Major in Computer Science

Required Licensure, Certification, etc.:

  • Preferred: AZ-400, AZ-500, or equivalent

Work Experience:

  • 5+ years in DevOps/SRE/Platform roles, with at least 2 years of hands-on security ownership (DevSecOps, AppSec, or CloudSec)

Knowledge & Skills:

  • Deep, demonstrable Azure experience: App Services / AKS / Functions, networking, Entra ID, Key Vault, Defender for Cloud
  • Expert with Azure DevOps: YAML pipelines, release management, branch policies, artifact management
  • Production experience with Terraform or Bicep (both a plus), including module design and state management
  • Hands-on experience with Azure Policy or equivalent policy-as-code tooling (OPA/Rego, Sentinel, Checkov, PSRule)
  • Proficiency in at least one scripting language (PowerShell, Python, or Bash)
  • Track record of remediating security findings yourself, not just filing tickets
  • Strong communication: able to explain risk in business terms and influence engineers without formal authority

SCOPE

Authority to Act: Performs duties independently with minimal supervision, operating from specific and definite directions and instructions. Decisions are of a routine nature made within prescribed operating guidelines, policies and procedures. Mistakes/errors may result in work stoppage, loss of business, poor customer relations and/or damage to product, all of which can have negative financial implications for the organization.

Budget Responsibility: The employee has control over resources available only.

WORKING CONDITIONS & PHYSICAL DEMANDS

The working conditions and physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Physical Requirements

While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to sit or stand for extended periods of time and may be required to run; walk; handle or feel objects, tools or controls; reach with hands and arms; climb stairs; balance; stoop, kneel, crouch or crawl. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.

Lifting Requirements

Exerting up to 50 pounds of force occasionally, and/or up to 25 pounds of force frequently, and/or greater than 10 pounds of force constantly to move objects.

Working Environment

The majority of work will be performed in a climate-controlled environment, but the employee may be exposed to inclement weather and varying degrees of temperatures on occasion.

Travel

Travel of up to 15% may be required.

About Towne Park

Towne Park is a hospitality services company that provides valet parking, shuttle transportation, and other guest services to hotels, hospitals, and other businesses. It was founded in 1987 and is headquartered in Annapolis, Maryland. The company has over 13,000 employees and operates in over 50 markets across the United States. Towne Park has been recognized for its commitment to customer service and has won several awards for its innovative technology and sustainability initiatives.
Size: 14,000 employees
Founded: 1988
