Job Title: Senior DevSecOps Engineer
Location: Boston, MA
Employment Type: Full-Time
Experience: 10 Years (Overall IT), 3-7 Years in Security/DevSecOps
Job Summary
We are seeking a Senior DevSecOps / Application Security Engineer to embed security across the software development lifecycle (SDLC) and cloud-native environments. This role will focus on integrating security into CI/CD pipelines, cloud infrastructure, containers/Kubernetes, and automation frameworks, ensuring scalable, compliant, and secure delivery of applications.
The ideal candidate has strong hands-on experience in application security, cloud security, DevSecOps practices, and security automation, and thrives in a highly collaborative engineering environment.
Key Responsibilities
Secure SDLC & Application Security
- Embed security controls across all phases of the SDLC.
- Perform threat modeling, secure code reviews, and risk assessments.
- Implement and manage SAST, DAST, and SCA tools and guide development teams on remediation.
- Enforce secure coding standards and promote a security-first engineering culture.
CI/CD Pipeline Security
- Design, build, and maintain secure CI/CD pipelines using tools such as GitHub Actions, GitLab CI, Jenkins, and Azure DevOps.
- Automate security scanning, policy enforcement, and compliance checks within pipelines.
- Integrate secrets management and environment hardening into CI/CD workflows.
Cloud & Infrastructure Security
- Review and secure Infrastructure as Code (IaC) using Terraform, CloudFormation, ARM, or Pulumi.
- Enforce cloud security best practices across AWS, Azure, and/or GCP.
- Deploy and manage cloud-native security services such as AWS GuardDuty, Azure Defender, and GCP Security Command Center (SCC).
Container & Kubernetes Security
- Build and manage secure container images and implement vulnerability scanning using tools like Trivy, Aqua, Clair, or Prisma Cloud.
- Enforce Kubernetes security controls, including RBAC, network policies, and pod security standards.
- Monitor Kubernetes clusters and remediate security vulnerabilities.
Security Automation & Tooling
- Develop automation scripts and workflows using Python, Bash, Go, or PowerShell.
- Integrate SIEM/SOAR platforms with CI/CD and cloud environments.
- Automate vulnerability management and remediation processes.
Compliance & Governance
- Support compliance initiatives aligned with NIST, ISO 27001, SOC 2, PCI-DSS, and internal security policies.
- Implement policy-as-code using tools such as OPA, Conftest, and cloud policy engines.
- Produce audit-ready documentation, metrics, and security reports.
Monitoring & Incident Response
- Integrate security telemetry into CI/CD pipelines and cloud platforms.
- Respond to and triage security incidents related to applications, pipelines, and cloud workloads.
- Conduct root-cause analysis and implement preventive security controls.
Required Skills & Qualifications
- 10 years of overall IT experience with 3-7 years in Cybersecurity, DevSecOps, or Cloud Security roles
- Strong scripting and programming skills (Python, Go, Bash, or PowerShell)
- Hands-on experience securing CI/CD pipelines
- Deep understanding of OWASP Top 10, CWE, CVEs
- Strong experience with container and Kubernetes security
- Knowledge of microservices, APIs, and distributed systems
- Solid understanding of cloud networking, IAM, secrets management, and encryption
- Experience with AWS, Azure, or GCP security services
Nice-to-Have Skills
- Experience with SIEM/SOAR platforms
- Exposure to multi-cloud security environments
- Prior experience supporting regulated or compliance-heavy environments
Soft Skills
- Strong collaboration and communication skills
- Ability to influence engineering teams on security best practices
- Proactive mindset with strong problem-solving abilities