Overview:
Our client is seeking a hands-on DevSecOps Engineer to serve as a subject matter expert and thought leader in secure software development practices. This role will focus on advancing our cloud-native development efforts by integrating security directly into the DevOps process, promoting a “shift-left” approach to security. You will work cross-functionally to embed security at every stage of the software development lifecycle, leveraging technologies such as Kubernetes, containers, and CI/CD pipelines to support scalable, secure, and efficient development practices.
Job Details:
- Conduct in-depth security reviews of application architecture, design, and code across various cloud-based products and platforms.
- Drive the adoption of secure development practices, including threat modeling, security design reviews, and static/dynamic code analysis.
- Lead the integration of automated security tools (SAST, DAST, IAST) into CI/CD pipelines for continuous security testing.
- Collaborate with engineering, product, and security teams to identify risks, remediate vulnerabilities, and build security into new products.
- Act as a key contact for application security incidents, overseeing root cause analysis, mitigation strategies, and prevention measures.
- Stay current with evolving DevSecOps practices, tools, and cloud-native security trends, and apply this knowledge to strengthen the organization’s security posture.
- Contribute to strategic planning by ensuring security considerations are integrated into product and engineering roadmaps.
- Develop and deliver training programs to promote secure coding and DevSecOps practices across development teams.
- Create and maintain security documentation, runbooks, procedures, and policies.
- Define and track key performance indicators (KPIs) to measure the effectiveness of security initiatives and DevOps programs.
- Perform other duties as assigned.
Requirements:
- Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
- 5+ years of experience in application security, DevSecOps, or secure software development.
- Expertise in containerization technologies, including Docker and Kubernetes.
- Strong hands-on experience with Microsoft Azure; familiarity with other cloud platforms (AWS, GCP) a plus.
- Deep understanding of secure coding standards, OWASP Top 10, SANS Top 25, and common web vulnerabilities.
- Proven success leading security initiatives such as threat modeling, security architecture assessments, and remediation strategies.
- Practical experience with integrating security tools (e.g., SAST, DAST, IAST) into CI/CD pipelines.
- Strong programming skills in languages such as .NET, C#, or Python, with the ability to identify and remediate code-level vulnerabilities.
- Experience implementing security in cloud-native and container-based environments.
- Certified Kubernetes Administrator (CKA) or Certified Kubernetes Application Developer (CKAD) preferred.
- Familiarity with GitOps/DevOps practices and experience building security automation within CI/CD workflows.
- Contributions to the security community (e.g., conference speaking, publishing, open-source involvement) a plus.
- Strong communication and interpersonal skills; ability to collaborate across both technical and non-technical teams.
Location: