TELECOMMUTE Expert DevSecOps Engineer
Job description
Join a premier financial services organization managing substantial investment assets and dedicated to providing specialized retirement planning and health savings solutions. We are seeking a highly technical professional to lead the integration and advancement of security throughout our entire software development lifecycle. In this permanent role, you will help build resilient solutions while enjoying a robust total rewards package that features comprehensive medical, dental, and vision coverage, alongside flexible hybrid work schedules designed to support your work-life balance.
Collaborating with software developers, stakeholders, and scrum masters to embed foundational security principles straight into engineering blueprints and active application deployments.
Executing comprehensive security testing and validating application controls across various technical projects to ensure robust secure designs.
Deploying and supervising defensive security strategies and countermeasures across core software applications and underlying infrastructure.
Partnering with engineering leadership to drive, uphold, and consistently embed the overarching CI/CD pipeline security strategy.
Utilising SAST, SCA, DAST, and infrastructure-as-code (IaC) scanning utilities to discover and mitigate code vulnerabilities.
Conducting both automated and manual code reviews alongside proactive threat modeling to optimize secure development lifecycles.
Acting as a core technical point of contact for security-related escalations and driving remediation efforts to full resolution.
Creating custom tools and automated services that allow development engineering teams to seamlessly adopt security workflows within deployment pipelines.
Advancing organizational shift-left practices by implementing security checks at the earliest stages of software creation.
Requirements
Qualifications
Must-Haves
At least 7 years of professional experience working within information technology, information security administration, or security operations.
A Bachelor's degree (BA/BS) in Finance, Accounting, Business, or a related discipline, or an equivalent level of professional experience.
Proven hands-on experience managing operations and security parameters within both Amazon Web Services (AWS) and Microsoft Azure environments.
Demonstrated proficiency running application security testing with BURP and cloud security platforms like WIZ.
Strong capability scripting with automation languages such as Python, Bash, Perl, or PowerShell.
Solid understanding of automated deployment pipelines, specifically utilizing GitHub Actions and Jenkins.
Familiarity with infrastructure as code and configuration management tools including Terraform, CloudFormation, and Ansible.
Clear comprehension of containerization frameworks such as Docker alongside orchestration technologies like Kubernetes or Docker Swarm.
Deep understanding of core security frameworks and methodologies, including OWASP, CVSS, MITRE ATT&CK, and secure SDLC practices.
Strong capability to secure Windows and *nix operating systems, networking protocols, devices, and endpoint applications.
Nice-to-Haves
Highly desired industry certifications such as CISSP, GIAC (e.g., GCSA, GWAPT), or AWS Certified Solutions Architect (SSA).
Skills
Application Security Architecture: Deep knowledge of secure coding, threat modeling, and defensive countermeasures.
DevSecOps Automation: Expertise in SAST, DAST, SCA, and embedding security gates within CI/CD pipelines.
Cloud & Infrastructure Security: Foundational grasp of cloud IAM, container hardening, and operating system security.
Cross-Team Collaboration: Outstanding capacity to partner with developers, architects, and scrum masters to foster a security-first culture.
Analytical Problem Solving: Ability to evaluate vulnerabilities rapidly, adapt to shifting requirements, and guide technical escalation resolutions.