DevSecOps Engineer

About this role

Requirements

• 5+ years of hands-on experience in DevOps, Application Security, and Infrastructure Security
• Proven experience working on production SaaS systems
• Strong software engineering skills with solid application security expertise
• Strong hands-on experience securing cloud environments (AWS / GCP / Azure)
• Practical experience with CI/CD, IaC, and DevOps tooling (GitHub Actions, Terraform, CloudFormation, etc.)
• Hands-on experience with security tools such as CSPM, SAST, SCA, and secret scanning (Orca, Veracode, or similar)
• Experience building automations and integrations around security tooling
• Familiarity with security frameworks such as SOC 2

Responsibilities

• Secure applications and cloud infrastructure end-to-end
• Implement and operate application security controls across the SDLC
• Build, integrate, and maintain security automation inside CI/CD pipelines
• Actively review code, IaC, and architecture from a security perspective
• Perform threat modeling and guide engineers toward secure design decisions
• Identify, triage, and remediate application and infrastructure vulnerabilities
• Own IAM architecture, permissions, access policies, and secrets management
• Execute and manage penetration testing, vulnerability scans, and bug bounty findings