Security Architecture Engineer


Job Location:

Chicago, IL - USA

Monthly Salary: $ 110000 - 130000
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

ABOUT US

At HUB International, we are a team of entrepreneurs. We believe in protecting and supporting the aspirations of individuals, families, and businesses. We help our clients evaluate their risks and develop solutions tailored to their needs. We believe in empowering our employees to learn, grow, and make a difference. Our structure enables our teams to maintain their own unique regional culture while leveraging support and resources from our corporate centers of excellence.

HUB is a global insurance and employee benefits broker providing a boundaryless array of business insurance, employee benefits, risk services, personal insurance, retirement, and private wealth management products and services. With over $5 billion in revenue and almost 20,000 employees in 600 offices throughout North America, HUB has grown substantially, in part due to our industry-leading success in mergers and acquisitions.

Job Overview

As a Security Architecture Engineer with a focus on DevSecOps, you will play a critical role in ensuring that security is embedded throughout the software development lifecycle (SDLC) and in continuous integration/continuous deployment (CI/CD) pipelines. You will be responsible for designing, building, and maintaining security controls that ensure application, infrastructure, and cloud security across both on-premises and cloud environments.

In this role, you will collaborate with Security Architects, development, operations, and security teams to automate security processes and implement security as code. You will be expected to bring expertise in both DevOps practices and security principles to ensure rapid yet secure software delivery. This position requires strong technical skills and the ability to work in a fast-paced, collaborative environment.

Key Responsibilities

1. Security Integration in DevOps Pipelines

  • Design and implement security solutions that integrate seamlessly with DevOps workflows and CI/CD pipelines.

  • Automate security testing (SAST, DAST, IAST) and integrate with existing CI/CD tools like Jenkins, GitLab CI, Azure DevOps, or CircleCI.

  • Develop and enforce security-as-code principles, ensuring that security policies and compliance controls are applied programmatically during application deployment.

  • Collaborate with development teams to embed security into containerization and orchestration platforms like Docker and Kubernetes.

2. Secure Architecture Design & Reviews

  • Review and advise on secure architectural patterns for applications, microservices, APIs, and cloud infrastructure.

  • Perform threat modeling, risk assessments, and security reviews of applications and infrastructure to identify and mitigate security risks early in the development process.

  • Ensure that the design and deployment of applications align with security best practices such as zero trust architecture, least privilege access, and data encryption.

3. Automation & Security Tooling

  • Implement and maintain security automation tools to monitor and enforce security policies across the development lifecycle.

  • Desired experience with tools such as Terraform, Ansible, or Puppet used to automate infrastructure provisioning with security baked in.

  • Desired experience with tools used to manage and enhance security testing for code analysis, container security, and open-source vulnerabilities (e.g., Aqua, Twistlock, Trivy, Boost).

4. Vulnerability Management & Incident Response

  • Work with development and operations teams to fix vulnerabilities identified during automated scans or manual reviews.

  • Ensure continuous monitoring of cloud and application environments through security information and event management (SIEM) and cloud security monitoring tools.

  • Establish security incident response workflows within DevOps processes to ensure rapid detection and remediation of security incidents.

5. Collaboration & Security Culture

  • Serve as a liaison between development, operations, and security teams in a decentralized, regionally dispersed organization to drive the adoption of DevSecOps practices.

  • Conduct training and knowledge-sharing sessions to educate developers and operations staff on secure coding practices, security testing, and DevSecOps principles.

  • Work closely with compliance and governance teams to ensure that regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS) are met within the DevOps environment.

6. Continuous Improvement

  • Continuously assess and improve security processes and tools to keep pace with evolving threats and industry best practices.

  • Stay current with the latest developments in DevOps, cloud security, and security automation technologies.

  • Ensure that feedback loops are established to learn from past incidents and improve security in future iterations of software development.

Technical Requirements

1. Hands-On DevSecOps Experience

  • Strong experience with DevOps tools and platforms (e.g., Jenkins, GitLab, Travis CI, Azure DevOps, CircleCI).

  • Hands-on experience automating security tests (e.g., SAST, DAST, IAST) and integrating security tools into CI/CD pipelines.

  • Desired exposure to container security tools (e.g., SentinelOne, Aqua Security, Twistlock, Sysdig).

  • Desired experience with cloud infrastructure security for AWS, Azure, or Google Cloud, including the use of cloud security tools (e.g., AWS GuardDuty, Azure Security Center, GCP Security Command Center).

2. Programming & Scripting Skills

  • Proficiency in at least one programming language (e.g., Python, Go, Java) and scripting languages like Bash or PowerShell.

  • Experience with infrastructure-as-code (IaC) tools such as Terraform, Ansible, Puppet, or Chef to automate security configurations.

  • Familiarity with building and securing containerized environments, particularly with Docker and Kubernetes.

3. Cloud Security Expertise

  • Knowledge of securing microservices architectures, API gateways, and distributed systems.

  • Desired experience securing cloud-native services, containers, and serverless architectures.

  • Desired experience in implementing identity and access management (IAM) policies, data encryption, network segmentation, and logging/monitoring in cloud environments.

4. Security Certifications (Preferred)

  • Certified Information Systems Security Professional (CISSP)

  • Certified Cloud Security Professional (CCSP)

  • AWS Certified DevOps Engineer Professional

  • Certified Kubernetes Security Specialist (CKS)

  • Certified Ethical Hacker (CEH)

Skills & Experience

  • Bachelor's Degree in Information Security, Computer Science, or related field (or equivalent work experience).

  • 5 years of experience in security engineering or DevSecOps.

  • Strong understanding of security frameworks such as NIST, CIS, and OWASP Top 10.

  • Experience in cloud security, including public cloud (AWS, Azure, GCP) and cloud-native applications.

  • Demonstrated ability to work with development and operations teams to implement security controls in a DevOps environment.

Teamwork & Collaboration Expectations

  • Collaborate with development, DevOps, and security teams to align on security requirements and practices within the SDLC.

  • Work cross-functionally to identify security risks and enforce secure coding, cloud, and infrastructure practices.

  • Provide technical leadership and mentor junior team members on DevSecOps practices and automation.

Ability to Work Independently

  • Demonstrate the ability to work autonomously in developing and implementing security architectures for cloud and DevOps environments.

  • Manage multiple projects independently, prioritizing tasks based on risk and business needs.

  • Lead the identification and remediation of security issues within applications and infrastructure without requiring constant oversight.

Training & Development

Ongoing Training:

  • Participate in continuous learning and training in cloud security, DevSecOps, and security automation technologies.

  • Pursue professional training and/or certifications in areas such as cloud security and security automation (e.g., AWS Certified DevOps, CKS, CCSP).

Internal Training:

  • Conduct internal training sessions to upskill developers and DevOps teams on secure coding and security automation.

  • Participate in company-led cybersecurity training and awareness programs to stay aligned with organizational goals and strategies.

Disclosure required under applicable law in California, Colorado, Illinois, Maryland, Minnesota, New York, New Jersey, and Washington states: The expected salary range for this position is $110,000 to $130,000 and will be impacted by factors such as the successful candidate's skills, experience, and working location, as well as the specific position's business line, scope, and level. If you believe that your qualifications and experience surpass the minimum requirements for this role, we encourage you to submit your application. By doing so, we will be able to keep your application on file for consideration for potential future positions within our organization. HUB International is proud to offer comprehensive benefit and total compensation packages, which could include health/dental/vision/life/disability insurance, FSA, HSA, and 401(k) accounts, paid-time-off benefits such as vacation, sick, and personal days, and eligible bonuses, equity, and commissions for some positions.

Department: Information Technology

Required Experience: 2-5 years of relevant experience

Required Travel: Up to 25%

Required Education: Bachelor's degree (4-year degree)

HUB International Limited is an equal opportunity employer that does not discriminate on the basis of race/ethnicity, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or veteran's status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.

E-Verify Program

We endeavor to make this website accessible to any and all users. If you would like to contact us regarding the accessibility of our website, or need assistance completing the application process, please contact the recruiting team. This contact information is for accommodation requests only; do not use this contact information to inquire about the status of applications.


Key Skills

  • Joomla
  • Customer Support
  • Interior Fit-Out
  • Client Services
  • Architecture

About Company


HUB International is a leading North American insurance brokerage that provides employee benefits, business, and personal insurance products and services.
