Dev SecOps Engineer

Hi
I hope youre doing well. I had a chance to review your profile and wanted to discuss a full-time hire position with our client a major Systems Integrator.
Please review the JD below and let me know if you would be interested in exploring the opportunity.

Job Title: Dev SecOps Engineer

Location: Boston MA / Owing Mills MD / Mclean VA ( Onsite )

Duration: Fulltime

Job Description

Roles & Responsibilities

1. Secure SDLC & Application Security Embed security controls at every stage of the SDLC.

Conduct threat modeling secure code reviews and risk assessments.

Implement SAST DAST SCA tools and interpret results for development teams.

Enforce secure coding standards and promote security-first development culture.

2. CI/CD Pipeline Security

Build and maintain secure CI/CD pipelines (GitHub Actions GitLab CI Jenkins Azure DevOps).

Automate security scanning and policy enforcement in build and deployment workflows.

Integrate secrets management and environment hardening into pipelines.

3. Cloud & Infrastructure Security

Implement Infrastructure as Code (IaC) security reviews using Terraform CloudFormation ARM or Pulumi.

Validate and enforce cloud security best practices (AWS Azure GCP).

Deploy and maintain cloud-native security tools such as AWS GuardDuty Azure Defender GCP SCC.

4. Container & Kubernetes Security

Build secure container images and manage scanning (Trivy Aqua Clair Prisma Cloud).

Enforce Kubernetes hardening controls (RBAC network policies pod security).

Monitor cluster security posture and remediate vulnerabilities.

5. Security Automation & Tooling

Develop automated playbooks/scripts using Python Bash or PowerShell.

Integrate SIEM/SOAR platforms with build/deployment workflows.

Automate vulnerability management workflows and remediation processes.

6. Compliance & Governance

Support adherence to NIST ISO 27001 SOC 2 PCI-DSS and internal security policies.

Implement guardrails and policy-as-code using OPA Conftest or AWS/Azure policy engines.

Produce audit-ready documentation and reporting.

7. Monitoring & Incident Response

Integrate security telemetry into pipelines and cloud environments.

Respond to and triage security incidents related to CI/CD code or cloud workloads.

Conduct root-cause analysis and implement preventative measures.

Required Skills & Qualifications

3 7 years experience in Cybersecurity DevSecOps or Cloud Security roles.

Strong programming/scripting abilities (Python Go Bash or PowerShell).

Hands-on experience with CI/CD tools and automation.

Solid understanding of security vulnerabilities such as OWASP Top 10 CWE CVE.

Experience with containers and Kubernetes security. Familiarity with microservices APIs and distributed systems.

Knowledge of cloud networking identity secrets management and encryption.

Thanks & Regards

Sumit Goyal

Sr. Technical Recruiter