DevSecOps Specialist

At Newforma, you’ll help shape the future of project information management for architects, engineers, and contractors worldwide. Join a team that’s trusted by over 1,500 firms to simplify how they work. Together, we’re creating tools that connect people to the information they need, faster and smarter. Let’s build something great.

We're seeking a Dev Sec Ops  Specialist to join our Platform Engineering team and play a pivotal role in establishing and evolving our security‑first culture. As Newforma undergoes a strategic migration from Azure to AWS, you'll be instrumental in building secure, automated infrastructure and embedding security practices throughout our software development lifecycle. This is an opportunity to shape the Dev Sec Ops  foundation for a platform trusted by hundreds of thousands of users managing sensitive project data across the construction industry.

• Champion Dev Sec Ops  principles across engineering teams, fostering a culture where security is everyone's responsibility.
• Establish and evangelize security best practices, secure coding standards, and threat modeling approaches.
• Mentor and guide development teams on security automation, vulnerability management, and secure architecture patterns.
• Lead by example, demonstrating how to balance security requirements with development velocity and business needs.
• Conduct security training sessions and create documentation to elevate the organization's security awareness.
• Partner with engineering leadership to define and track security metrics and KPIs.

• Support team to design and implement secure cloud infrastructure on AWS, following the AWS Well‑Architected Framework security pillar.
• Architect and maintain Identity and Access Management (IAM) policies, roles, and service control policies across AWS accounts.
• Support team to implement security controls using AWS services including Guard Duty, Security Hub, Config, Cloud Trail, and WAF.
• Design and enforce network security using VPCs, security groups, NACLs, and AWS Private Link.
• Establish secrets management strategies using AWS Secrets Manager and Parameter Store.
• Lead the security aspects of the Azure‑to‑AWS migration, ensuring secure architecture patterns and data protection.
• Implement infrastructure‑as‑code security scanning and policy enforcement using tools like Checkov, tfsec, or AWS CDK.

• Build and maintain secure CI/CD pipelines integrating security scanning at every stage of the development lifecycle.
• Implement automated security testing including SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis).
• Integrate container security scanning and image vulnerability assessment into build pipelines.
• Automate compliance checks and security policy enforcement in deployment workflows.
• Design and implement automated remediation workflows for common security findings.
• Establish secure artifact management and software supply chain security practices.

• Implement and maintain vulnerability scanning and management programs for applications, containers, and infrastructure.
• Establish processes for triaging, tracking, and remediating security vulnerabilities.
• Ensure compliance with industry standards and regulations relevant to the AECO industry.
• Conduct regular security assessments, penetration testing coordination, and security audits.
• Develop and maintain incident response playbooks and participate in security incident response.
• Create and maintain security baselines and hardening standards for systems and applications.

• Design and implement security monitoring, logging, and alerting solutions using Cloud Watch, Cloud Trail, and SIEM tools.
• Establish threat detection and response capabilities for cloud infrastructure and applications.
• Build automated alerting and response mechanisms for security events.
• Conduct security investigations and root cause analysis for security incidents.
• Implement and maintain disaster recovery and business continuity plans from a security…