Senior DevSecOps Engineer

Job Purpose:

The Senior Dev Sec Ops  Engineer is an individual contributor responsible for designing, implementing, and operating security controls across the software development lifecycle (SDLC). This role partners closely with Engineering teams, IT Operations, and the Manager of Cyber Security to embed security directly into development workflows, CI/CD pipelines, and cloud platforms. The core function of this role is active, hands-on partnership with Engineering teams to build secure-by-default patterns, improve secure design and delivery practices, and implement security controls within existing development and operational workflows.

While the role maintains awareness of governance and compliance requirements, the primary focus is practical engineering execution that results in scalable, auditable, and repeatable security outcomes.

Essential Duties and Responsibilities:

Secure SDLC Implementation & Governance Awareness

* Design, implement, and maintain security controls across all SDLC phases

* Translate security policy, OWASP guidance, and SOC-aligned requirements into engineering standards and pipeline controls

* Embed security checks and guardrails into Agile and Dev Ops workflows (Jira Software, Azure Dev Ops)

* Ensure SDLC controls generate reliable, repeatable audit evidence supporting SOX and SOC 1 / SOC 2 assessments

Architecture & Design Security

* Perform application risk profiling and threat modeling for new and materially changed systems

* Review application, API, and platform architectures from a security and risk perspective, providing guidance on required security controls and integration patterns

* Design and implement security architecture components, guardrails, and shared controls supporting:

* Azure PaaS resources and identity integrations (Entra , Azure B2C/External )

* Web applications hosted on IIS and Node.js

* APIs and externally exposed services

* Data platforms including Microsoft SQL, Oracle SQL, Cosmos

DB, Databricks, and Microsoft Fabric

* Partner with architects and engineers to ensure alignment with approved security patterns and baselines, without owning application code or business logic

CI/CD, Pipeline & Tooling Security

* Secure CI/CD pipelines and Git-based workflows

* Implement application security tooling integrations and tune results for actionable signal

* Integrate SAST, DAST, SCA, image scanning, and secrets detection into pipelines

* Implement secure secret management, pipeline access controls, and deployment protections

* Configure and maintain security controls for Web Application Firewalls (WAF), API gateways, and ingress layers

Verification, Testing & Defect Management

* Define security testing requirements and acceptance criteria aligned to SDLC controls

* Implement and maintain automated security testing workflows

* Validate remediation of application and pipeline security findings

* Maintain traceability between findings, fixes, Jira tickets, and generated audit evidence

Operations, Incident Support & Continuous Improvement

* Participate in incident response activities related to application, pipeline, and identity security

* Support root-cause analysis and implement preventative improvements through enhanced observability and security telemetry

* Validate backup, restore, and disaster recovery controls with a security and access-control focus

* Define and track security metrics supporting continuous improvement and SOC evidence requirements

Qualifications:

* Bachelor's degree in Computer Science, Information Security, Information Systems or a related field

* Minimum 5 years of experience in Dev Sec Ops , application security, or secure platform engineering

* Demonstrated experience implementing and operating security controls across CI/CD, cloud, and SDLC environments

* Strong foundational knowledge across Dev Ops and platform engineering, including:

* Core networking concepts (VPC/VNet, DNS, TCP/IP, TLS, load balancing, proxies, firewall/NSG)

* Windows and Linux systems (processes, permissions, file systems, networking, troubleshooting)

* Git-based workflows (branching strategies, pull requests, releases)

* Scripting and automation (Power Shell, Bash, and/or Python)

* Strong hands-on experience implementing Dev Sec Ops  security controls, including:

* Secure SDLC practices and OWASP guidance (from a control, tooling, and risk perspective)

* Azure cloud security and identity services (Entra , Azure B2C/External )

* CI/CD pipelines, Git-based workflows, and build/deploy automation

* Containers and orchestration fundamentals (Docker, Kubernetes) and Infrastructure as Code (Terraform, Ansible)

* Vulnerability management tooling (SAST, DAST, SCA, image scanning)

Preferred Qualifications - Security Certifications

* Microsoft security certifications aligned to Azure, identity, and cloud architecture (e.g., SC-100, AZ-500, SC-300)

* Industry-recognized security certifications such as CSSLP, CISSP, CISM, or relevant GIAC credentials

Education and/or Experience

Required:

Language Skills Sets:

* Ability to read,…