Senior DevSecOps Engineer

DevSecOps EngineerThe DevSecOps Engineer at Ren ensures Security is represented throughout the SDLC and our CI/CD pipelines. They are responsible for implementing security tools and automated testing to ensure our application and environment meet compliance requirements. They help identify gaps in our security posture and work to prioritize remediation across teams.They are an advocate for secure development practices, such as threat modeling, code dependency scanning, framework adherence, and secure IaC deployment. This role is highly collaborative across multiple areas of the business.Duties & Responsibilities:Perform code reviews before production releases to safeguard against deploying vulnerable applicationsManaged SAST and DAST platforms and generate reports for stakeholdersReview reporting related to our Cloud Security Posture and report on compliance issuesWork with DevOps on scanning IaC to remediate issues before infrastructure is deployedAutomate Security tools related to CI/CD pipelinesContribute to monthly Application Vulnerability meetings with stakeholders to align on prioritization and remediationAssist with Annual Penetration Testing of internal ApplicationsAdvise on Secure Cloud practices and runtime environments related to Containers and KubernetesMeasure program health against established frameworks to identify gapsGrow AppSec program by establishing key partnerships and collaborating across multiple teamsEducation & Experience:6+ years experience in Development or DevOps role required2+ years experience in a DevSecOps role desiredBachelor’s degree in Computer Science, Computer Engineering, or related field requiredExperience with Bitbucket/Github, AWS, and Azure requiredExperience with SAST and DAST tools (i.e. Veracode, Snyk, Nexpose, Rapid7)Experience with Cloud Security Posture Management tools (CSPM) and Cloud Security best practicesExperience with tool such as Ansible, Terraform, CloudFormation, BurpSuite, SnykFamiliarity with OWASP, MSDL, NIST SSDF or similar Application Security FrameworkExcellent written and communication skills