Senior DevSecOps Specialist
CORE PROFILE
The Senior DevSecOps Specialist ensures Maya’s applications are built securely by design. As a member
of the DevSecOps team, this role focuses on delivering advanced security automation, conducting
technical reviews and partnering with product and engineering teams to implement secure-by-design
practices.
This role requires strong technical expertise, the ability to champion security best practices and
collaboration with cross-functional teams to reduce risk and improve security maturity. The Senior
DevSecOps Specialist is expected to lead security initiatives, drive automation and mentor junior
engineers.
NATURE OF WORK
The Senior DevSecOps Specialist ensures that security is a fundamental part of Maya’s development lifecycle,
working at the intersection of security, engineering and operations.
Responsibilities:
- Implement and optimize AppSec tools in CI/CD workflows (e.g. SAST, DAST, SCA, secret scanning).
- Partner with tech and product teams to embed security early in the design and development phases.
- Conduct threat modeling and security design reviews for high-risk product features.
- Provide secure coding guidance and develop security guardrails or templates for developers.
- Drive improvements in secure SDLC coverage, such as automated testing, linting, and remediation
- workflows.
- Participate in cross-functional security initiatives and incident response simulations.
DISPLAYED SKILL MASTERY
- 5+ years in AppSec, DevSecOps, or related SDLC security engineering roles.
- Advanced skills in integrating AppSec tooling with CI/CD pipelines.
- Proficient in Python, JavaScript or similar for automation of security checks.
- Deep understanding of modern web app and API security risks (e.g. OWASP Top 10).
- Experience with threat modeling frameworks (e.g., STRIDE, PASTA) and secure design patterns.
- Understanding of OAuth, tokenization, and application-level authz/authn controls.
- Strong communication and mentorship skills within technical teams.
EXPECTED RESULTS
OBJECTIVES & KEY RESULTS
- Grow the Business the Right Way
- Enforce strong governance over product and service security.
- Delight Our Customers
- Improve proactive security measures to enhance trust and protection.
- Build an Engaged Corporate Culture
- Foster a DevSecOps-first culture and mentor engineers in security best practices.
- Drive Operational Excellence
- Ensure a scalable, efficient, and well-managed DevSecOps security framework.
REQUIRED QUALIFICATIONS
- Bachelor Degree in Information Technology, Computer Science, or equivalent
- 5+ years of practical experience in DevSecOps, Security Automation, or Application Security.
- Proficiency in modern CI/CD pipelines and securing code delivery workflows.
- Strong programming/scripting skills (Python, Java, Bash) for security automation.
- Experience with cloud security and compliance frameworks (AWS, PCI DSS, ISO 27001).
- Understanding of container security, Kubernetes, and microservices security.
- Familiarity with code review practices, threat modeling, and product-level risk analysis.
- Solid knowledge of secure software development principles.
- Familiarity with OAUTH protocols for secure authentication and authorization.