Senior Security Engineer, DevSecOps

Scope:

• Provide critical support for our addressing our product security deficiencies, investing in product compliance, and supporting customer trust in our technology solutions. The outcome of this role will improve our overall cyber defense gaps that are impacting our ability to land, expand, and retain customers.

What you'll do:

• Design, implement, and maintain DevSecOps solutions across the CI/CD lifecycle, including secure design standards, threat modeling frameworks, SAST/DAST/IAST integration, secret scanning, and automated security release gates
• Mentoring of more junior team members and upleveling the overall technical skill of the application security and wider security department.
• Identify strategic gaps in product security capabilities, analyzing current state and recommending improvements to DevSecOps roadmaps and organizational security strategy
• Collaborate with cross-functional teams (Product Development, Architecture Review Board, Infrastructure Engineering) to integrate security best practices into application development, cloud deployments, and system architecture, ensuring secure-by-design principles across environments
• Develop and maintain security automation tools for continuous security testing, vulnerability remediation workflows, security release management, and AI-enabled security processes
• Monitor and remediate application security vulnerabilities, misconfigurations, and policy violations from SAST/DAST tools, penetration testing results, and runtime security platforms
• Stay current with emerging DevSecOps technologies, application security standards (OWASP, secure coding frameworks), and security testing methodologies, influencing organizational security architecture with industry best practices
• Support the detection, investigation, and resolution of security incidents related to application vulnerabilities, code security issues, and software supply chain risks
• Configure and optimize application security platforms, IDE security plugins, software composition analysis (SCA) tools, penetration testing vendors (HackerOne), and code-to-runtime visibility solutions
• Support compliance efforts (SOX, PCI-DSS, ISO 27001, SOC 2) by implementing security controls in CI/CD pipelines, SBOM generation, artifact signing, and audit capabilities for regulatory requirements
• Establish, Document, and Educate product development teams on secure coding standards, threat modeling processes, security testing procedures; with the goal of establishing secure application security baselines across the organization

What we are looking for:

• 5+ years of experience in Application Security, DevSecOps Engineering, or Security Engineering roles with hands-on experience implementing security in CI/CD pipelines
• Expert knowledge of application security testing tools and methodologies including SAST, DAST, IAST, SCA, secret scanning, and penetration testing across enterprise environments
• Deep understanding of secure software development lifecycle (SSDLC) fundamentals including threat modeling, secure design principles, secure coding practices, vulnerability management, and security release processes
• Strong experience with Azure cloud security, including cloud-native application security, Infrastructure as Code (IaC) security, and container/Kubernetes security
• Proficient with security automation scripting (e.g., PowerShell, Python, Bash) and CI/CD integration (Jenkins, GitLab CI, GitHub Actions) for automated security testing and remediation workflows
• Experience implementing DevSecOps solutions in fast-paced or highly regulated environments (finance, healthcare, SaaS, etc.) with demonstrated ability to manage complex security requirements and regulatory compliance at enterprise scale

Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.