Job Closed
This listing is no longer active.
The global leadership community of extraordinary chief executives.
DevSecOps Engineer
Location
United States
Posted
77 days ago
Salary
0
Seniority
Senior
Job Description
DevSecOps Engineer
YPO
- Architect, implement, and continuously improve secure-by-design controls across multi-cloud environments (AWS, Azure, GCP)
- Develop and enforce Infrastructure as Code and policy-as-code guardrails (Terraform, CloudFormation, ARM, OPA, Sentinel, Azure Policy, AWS SCPs) with automated configuration validation and remediation
- Design and maintain security controls within CI/CD pipelines, integrating SAST, DAST, SCA, container and IaC scanning, and automated security gates to prevent high-risk code while optimizing pipeline performance
- Lead threat modeling (STRIDE, MITRE ATT&CK), architecture reviews, and security design/code reviews to mitigate risk prior to deployment
- Define and promote secure coding standards for backend APIs, mobile applications, and AI-powered services; partner with developers to remediate vulnerabilities and improve triage accuracy
- Enforce and audit enterprise IAM and Zero Trust principles (RBAC, PAM, SSO, MFA, OAuth/OIDC, SAML), including access reviews, entitlement governance, and privilege drift detection
- Own the vulnerability management lifecycle, including asset discovery, continuous scanning, risk-based prioritization, remediation tracking, penetration testing coordination, and risk register reporting
- Develop and maintain incident response playbooks, tabletop exercises, and cloud/pipeline-specific runbooks
- Integrate application and cloud telemetry into SIEM/SOAR platforms; define detection standards, support log ingestion strategy, conduct threat hunting, and assist with incident response and forensic investigations
- Cooperate with the IT Security & Operations team to document risks within the risk register, track remediation progress and incident response
- Partner with Cloud Engineering teams to secure infrastructure and services
- Automate security operations, compliance validation, audit artifact generation, dashboards, and reporting using scripting (Python preferred)
- Operationalize compliance frameworks (SOC 2, ISO 27001, NIST CSF, GDPR, CCPA), support audit readiness and third-party risk management, and ensure alignment with internal governance and change management standards
Job Requirements
- 5+ years of hands-on experience in security engineering, with at least 3 years focused on cloud infrastructure security (AWS, Azure, and/or GCP)
- Experience integrating security tooling into CI/CD platforms (GitHub Actions, Azure DevOps, GitLab CI, Jenkins, etc.)
- Experience securing AI/ML infrastructure, including model APIs, data pipelines, vector databases, and inference endpoints
- Experience with AI technologies, ability to monitor LLM usage, audit model access controls, etc.
- API abuse detection across the entire SDLC
- Strong experience with IaC tools (Terraform, CloudFormation, ARM)
- Familiarity with container security and Kubernetes environments
- Experience with SAST, DAST, SCA, and dependency scanning tools
- Proficiency in Python or equivalent scripting language
- Strong knowledge of IAM, encryption, OAuth/OIDC, RBAC, and secure cloud architecture principles
- Understanding of compliance & security frameworks (SOC 2, ISO 27001, NIST)
- Exposure to mobile application security on native iOS and/or Android platforms, including API security, token management, and mobile threat defense
Benefits
- Ability to work flexible and/or extended hours as needed to accommodate members and team members in multiple time zones
- Willingness and ability to travel, domestically and internationally, without restrictions, approximately 5-10% per year
More DevOps Engineer Jobs
• Manage and implement infrastructure as code using Terraform, Bicep, or ARM Templates. • Administer and optimize Kubernetes clusters (AKS), ensuring application scalability and security. • Monitor and optimize environment performance. • Ensure environment security and compliance by managing access controls. • Work with development teams to improve continuous delivery workflows and DevOps best practices.
• You will design and build the infrastructure primitives that define how Chainlink Decentralized Oracle Networks (DONs) scale across internal systems and the decentralized ecosystem. • You will help create the CRE (Kubernetes-based) control plane that enables: • Deterministic horizontal scaling of DONs • Safe and repeatable infrastructure expansion • Improved operational efficiency and scalability • You will develop the core infrastructure components, including Kubernetes Operators and scaling automation, that Product teams will adopt and then might later be distributed to external node operators to improve decentralized scaling.
• Lead the design, architecture, and management of CI/CD pipelines using GitHub Actions (and similar tools), ensuring fast, reliable, and reproducible software delivery. • Implement and enforce test-driven deployment systems, integrating automated testing, validation, and monitoring to maintain code quality and accelerate feedback cycles. • Containerize applications and microservices with Docker, optimize image builds, and manage deployment pipelines for distributed environments. • Oversee the build, packaging, and publishing lifecycle for JavaScript, TypeScript, and C++ packages, including versioning, semantic tagging, and NPM or internal registry publication. • Develop and maintain cross-platform build pipelines using CMake or equivalent tools, ensuring consistent compilation and release workflows across web, desktop, and mobile. • Automate end-to-end release processes, including tagging, building, signing, and distributing mobile, web, and desktop applications. • Define and manage Infrastructure as Code (IaC) to provision and maintain reliable, scalable, and secure infrastructure environments. • Collaborate closely with development, QA, and operations teams to troubleshoot deployment issues, optimize performance, and improve release reliability. • Continuously improve observability and feedback loops, leveraging monitoring and alerting systems to maintain operational excellence.