DevSecOps Engineer III
Job Summary
Farnell
Farnell an Avnet company is a global high-service distributor of technology products services and solutions for electronic system design maintenance and repair.
Principal Responsibilities:
Pipeline Security Automation: Design implement and centrally manage advanced security tooling (SAST DAST SCA Secrets Management) directly within high-volume GitHub Actions and GitLab CI/CD pipelines.
Azure Cloud Security Engineering: Engineer and enforce security controls for our Azure-native services (e.g. AKS Azure Functions App Services) with a strong emphasis on Managed Identities Azure Policy Defender for Cloud and securing the networking perimeter (e.g. App Gateway WAF).
Secure Design & Governance: Lead threat modeling sessions and security design reviews for net-new large-scale applications. Design and operationalize security guardrails aligned with enterprise standards (OWASP API Security NIST PCI-DSS).
Vulnerability Remediation & Coaching: Drive the end-to-end vulnerability lifecycle from discovery (e.g. coordinating with Red Teams/Bug Bounty) to defining clear actionable security-focused remediation guidance for development teams.
IaC Security: Embed security checks and best practices into our Infrastructure-as-Code workflows primarily using Terraform or Bicep.
Identity & Access Management: Define and implement robust access controls and key management strategies utilizing Azure Key Vault and cloud-native identity solutions.
Other duties as assigned
Distinguishing Characteristics:
Cloud Depth: Hands-on experience securing production workloads in the Microsoft Azure ecosystem. Deep familiarity with key services like AKS Azure Functions App Services and Azure Firewall/WAF.
CI/CD Mastery: Demonstrated expertise automating security controls (scanning gating posture checks) within GitHub Actions and/or GitLab CI/CD.
Security Knowledge: Strong actionable knowledge of the OWASP Top 10/API Security and aligning practices to standards like NIST 800-53.
Automation: Proficiency in Python PowerShell or Bash for creating security automation custom checks and tool integration.
Tooling: Working experience with modern enterprise security tools (e.g. Snyk Checkmarx Prisma Cloud GitHub Advanced Security or ASPM platforms).
Container Security: Practical experience with container runtime security and posture management (e.g. Defender for Containers Falco).
Work Experience:
Typically 5 years with bachelors or equivalent.
Education and Certification(s):
Bachelors degree or equivalent experience from which comparable knowledge and job skills can be obtained.
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills.
Required Experience:
IC
About Company
Avnet guides today’s ideas into tomorrow’s technology. We design and manufacture for start-ups – the technology dreamers poised to be the next big thing. And we supply and deliver for the contract manufacturers and OEMs who need to stock shelves around the globe. Our culture was found ... View more