DevSecOps Specialist
Overview:
The DevSecOps Specialist plays a key role in embedding security across the software development lifecycle. With a deep understanding of application security and secure development practices, this role focuses on automating and scaling security across CI/CD pipelines, helping engineering teams build secure software without sacrificing speed.
Working closely with product, tech and operations teams, the DevSecOps Specialist simplifies security adoption by automating compliance, reducing risks and making security a seamless part of the DevOps process. The goal is to protect applications while keeping development fast and efficient.
What you will do:
- Own the integration and continuous improvement of AppSec tools (SAST, SCA, DAST) in CI/CD workflows.
- Lead security reviews for high-impact features and services.
- Design and maintain security-as-code pipelines and controls at the application layer.
- Conduct deep-dive threat modeling for product features, APIs and services.
- Drive adoption of secure coding practices and provide security guidance to engineers during design and implementation.
- Automate detection and remediation of application-level vulnerabilities.
- Support the Office of the CISO in executing security strategies and initiatives.
What we are looking for:
- 3–5 years in AppSec, DevSecOps, or related SDLC security engineering roles.
- Strong experience with CI/CD integration for SAST, SCA, and DAST tools.
- Familiarity with Python, JavaScript or similar for automation of security checks.
- Knowledge of modern web app and API security risks (e.g. OWASP Top 10).