DevSecOps

Role Overview

As a Security Engineer, you will focus on integrating security into our CI/CD pipelines, cloud-native workloads, and development environments. You'll work closely with software engineers, DevOps, architects, and compliance teams to ensure our code, pipelines, and infrastructure meet modern security standards and compliance expectations. This role balances hands-on engineering with strategic influence—ideal for someone ready to own security tooling, automation, and governance in a fast-paced environment.

Key Responsibilities

• Design and implement secure CI/CD pipelines using GitHub Actions, integrating tools for code scanning, dependency management, and artifact integrity
• Enable and enforce GitHub Advanced Security features across all repositories
• Collaborate with engineering teams to apply secure coding practices across applications written in C#, Java, and Python
• Harden and secure Kubernetes environments—focusing on workload policies, RBAC, secrets management, and network segmentation
• Develop reusable security automation for scanning source code, containers, and dependencies
• Build monitoring and alerting around pipeline and runtime security events
• Conduct internal threat modelling, code reviews, and pipeline security assessments
• Contribute to secure development lifecycle (SDLC) policies and documentation
• Support compliance efforts by aligning engineering practices with standards such as NIST 800-53, FedRAMP, and others (as applicable)

Required Skills & Experience

• 3–5+ years of relevant experience in security engineering, DevSecOps, or platform security roles
• Strong hands-on experience with GitHub and GitHub Actions, including workflow creation and security scanning integration
• Exposure to security compliance frameworks (NIST 800-53, FedRAMP, SOC 2, ISO 27001)
• Experience with container/image scanning tools (e.g., Trivy, Grype, Aqua, Prisma)
• Knowledge of Infrastructure-as-Code (IaC) security (Terraform, Checkov, OPA, etc.)
• Practical experience with CI/CD pipelines and embedding security into build, test, and deploy stages
• Familiarity with containerized workloads and securing Kubernetes clusters in production
• Strong coding/scripting skills in C#, Java, and/or Python
• Solid understanding of secure development principles, OWASP Top 10, and software supply chain security and familiarity with SBOMs, SLSA, and supply chain integrity practices
• Proficient in vulnerability triage and remediation processes across code, pipelines, and containers
• Good to have Certifications such as GCSA, CKS, CSSLP, or CISSP