Senior DevSecOps Engineer

Job Title: Senior Dev Sec Ops  Engineer

Location: Boston, MA

Employment Type: Full-Time

Experience: 10 Years (Overall IT), 3-7 Years in Security/Dev Sec Ops

We are seeking a Senior Dev Sec Ops  / Application Security Engineer to embed security across the software development lifecycle (SDLC) and cloud-native environments
. This role will focus on integrating security into CI/CD pipelines
, cloud infrastructure
, containers/Kubernetes
, and automation frameworks
, ensuring scalable, compliant, and secure delivery of applications.

The ideal candidate has strong hands-on experience in application security, cloud security, Dev Sec Ops  practices, and security automation
, and thrives in a highly collaborative engineering environment.

• Embed security controls across all phases of the SDLC
  .
• Perform threat modeling, secure code reviews, and risk assessments
  .
• Implement and manage SAST, DAST, and SCA tools
  , and guide development teams on remediation.
• Enforce secure coding standards and promote a security-first engineering culture.

• Design, build, and maintain secure CI/CD pipelines using tools such as Git Hub Actions, Git Lab CI, Jenkins, and Azure Dev Ops
  .
• Automate security scanning, policy enforcement, and compliance checks within pipelines.
• Integrate secrets management and environment hardening into CI/CD workflows.

• Review and secure Infrastructure as Code (IaC) using Terraform, Cloud Formation, ARM, or Pulumi
  .
• Enforce cloud security best practices across AWS, Azure, and/or Google Cloud Platform
  .
• Deploy and manage cloud-native security services such as AWS Guard Duty, Azure Defender, and Google Cloud Platform Security Command Center (SCC).

• Build and manage secure container images and implement vulnerability scanning using tools like Trivy, Aqua, Clair, or Prisma Cloud
  .
• Enforce Kubernetes security controls
  , including RBAC, network policies, and pod security standards.
• Monitor Kubernetes clusters and remediate security vulnerabilities.

• Develop automation scripts and workflows using Python, Bash, Go, or Power Shell
  .
• Integrate SIEM/SOAR platforms with CI/CD and cloud environments.
• Automate vulnerability management and remediation processes.

• Support compliance initiatives aligned with NIST, ISO 27001, SOC 2, PCI-DSS
  , and internal security policies.
• Implement policy-as-code using tools such as OPA, Conftest, and cloud policy engines
  .
• Produce audit-ready documentation, metrics, and security reports.

• Integrate security telemetry into CI/CD pipelines and cloud platforms.
• Respond to and triage security incidents related to applications, pipelines, and cloud workloads.
• Conduct root-cause analysis and implement preventive security controls.

• 10 years of overall IT experience, with 3-7 years in Cybersecurity, Dev Sec Ops , or Cloud Security roles
  .
• Strong scripting and programming skills (
  Python, Go, Bash, or Power Shell
  ).
• Hands-on experience securing CI/CD pipelines
  .
• Deep understanding of OWASP Top 10, CWE, CVEs
  .
• Strong experience with container and Kubernetes security
  .
• Knowledge of microservices, APIs, and distributed systems
  .
• Solid understanding of cloud networking, IAM, secrets management, and encryption
  .
• Experience with AWS, Azure, or Google Cloud Platform security services
  .

• Experience with SIEM/SOAR platforms
  .
• Exposure to multi-cloud security environments.
• Prior experience supporting regulated or compliance-heavy environments.

• Strong collaboration and communication skills.
• Ability to influence engineering teams on security best practices.
• Proactive mindset with strong problem-solving abilities.