Role: Dev SecOps Engineer
Location: Boston, MA (Onsite)
FTE only
Job Description
Roles & Responsibilities
1. Secure SDLC & Application Security
Embed security controls at every stage of the SDLC.
Conduct threat modeling, secure code reviews, and risk assessments.
Implement SAST, DAST, SCA tools and interpret results for development teams.
Enforce secure coding standards and promote security-first development culture.
2. CI/CD Pipeline Security
Build and maintain secure CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, Azure DevOps).
Automate security scanning and policy enforcement in build and deployment workflows.
Integrate secrets management and environment hardening into pipelines.
3. Cloud & Infrastructure Security
Implement Infrastructure as Code (IaC) security reviews using Terraform, CloudFormation, ARM, or Pulumi.
Validate and enforce cloud security best practices (AWS, Azure, GCP).
Deploy and maintain cloud-native security tools such as AWS GuardDuty, Azure Defender, GCP SCC.
4. Container & Kubernetes Security
Build secure container images and manage scanning (Trivy, Aqua, Clair, Prisma Cloud).
Enforce Kubernetes hardening controls (RBAC, network policies, pod security).
Monitor cluster security posture and remediate vulnerabilities.
5. Security Automation & Tooling
Develop automated playbooks/scripts using Python, Bash, or PowerShell.
Integrate SIEM/SOAR platforms with build/deployment workflows.
Automate vulnerability management workflows and remediation processes.
6. Compliance & Governance
Support adherence to NIST, ISO 27001, SOC 2, PCI-DSS, and internal security policies.
Implement guardrails and policy-as-code using OPA, Conftest, or AWS/Azure policy engines.
Produce audit-ready documentation and reporting.
7. Monitoring & Incident Response
Integrate security telemetry into pipelines and cloud environments.
Respond to and triage security incidents related to CI/CD, code, or cloud workloads.
Conduct root-cause analysis and implement preventative measures.
Experience Required: 10+ yrs
Required Skills & Qualifications
3–7+ years’ experience in Cybersecurity, DevSecOps, or Cloud Security roles.
Strong programming/scripting abilities (Python, Go, Bash, or PowerShell).
Hands-on experience with CI/CD tools and automation.
Solid understanding of security vulnerabilities such as OWASP Top 10, CWE, CVE.
Experience with containers and Kubernetes security.
Familiarity with microservices, APIs, and distributed systems.
Knowledge of cloud networking, identity, secrets management, and encryption.