DevSecOps Engineer
Fully remote (working EST)
Salary: $128-170k

The DevSecOps Engineer (Application Security) is a highly technical role responsible for embedding security into every stage of the software development lifecycle. This individual will focus on advancing application security practices, integrating security controls into CI/CD pipelines, and automating security tooling to strengthen secure development practices. The role requires strong expertise in application security, secure coding practices, and DevSecOps methodologies, along with a solid understanding of software development processes and foundational knowledge of infrastructure and operating systems.

Key Responsibilities

Build strong relationships with developers, product stakeholders, and agile teams to integrate security into application design and delivery (20%)
Perform security testing and validation of application security controls across multiple initiatives (15%)
Implement and enhance defensive security practices across applications and supporting infrastructure (15%)
Support and enforce CI/CD security strategies in collaboration with engineering and platform teams (10%)
Apply expertise in SAST, SCA, DAST, and Infrastructure-as-Code (IaC) scanning tools and methodologies (20%)
Identify vulnerabilities through automated scanning and manual code review; drive remediation efforts (10%)
Apply threat modeling techniques to strengthen application design and reduce risk (10%)
Act as an escalation point for application security issues and support resolution efforts
Develop and improve tools and services that enable developers to adopt security best practices efficiently
Automate and streamline security controls within CI/CD pipelines
Support "shift-left" security initiatives by embedding security early in the SDLC
Apply foundational cloud security knowledge, including IAM, container security, and baseline hardening practices
Perform other duties as assigned

Required Qualifications

Bachelor's degree (BA/BS) in Finance, Accounting, Business, Computer Science, or a related field, or equivalent professional experience
7+ years of experience in information technology, information security administration, or security operations
Experience working in Agile environments, including Scrum and Kanban methodologies
Strong understanding of container technologies (e.g., Docker) and container orchestration platforms (e.g., Kubernetes, Docker Swarm)
Experience with infrastructure automation and configuration tools such as CloudFormation, Terraform, Ansible, and Jenkins
Proficiency in securing Windows and Unix/Linux operating systems, endpoint applications, network protocols, and related infrastructure components
Scripting experience in one or more of the following: Python, Bash, Perl, or PowerShell
Solid understanding of application security principles and frameworks, including OWASP Top 10, CVSS scoring, MITRE ATT&CK, and the software development lifecycle (SDLC)

Preferred Certifications

CISSP
GIAC certifications (e.g., GCSA, GWAPT)
AWS Security Specialty or related certifications