DevSecOps Engineer

About the position

The DevSecOps (AWS Security) Engineer will be responsible for implementing and optimizing security controls for AWS cloud infrastructure. This role involves monitoring and reviewing the application and infrastructure security posture, initiating remediation efforts with relevant teams, and recommending new or revised security measures and countermeasures for current security challenges. The engineer will integrate DAST and SAST tools seamlessly into CI/CD pipelines and collaborate with DevOps and Platform teams to ensure security considerations are embedded from the outset. Additionally, the role includes automating security testing, identifying and implementing security standards for CI/CD pipelines, overseeing logging and monitoring services, and creating and maintaining system documentation and architecture diagrams. The engineer will also support software engineers in following secure development practices and assume a leadership role in knowledge transfer and skill development for team members.

Responsibilities

• Implement and optimize security controls for AWS cloud infrastructure.
• Monitor and review application and infrastructure security posture, initiating remediation efforts with relevant teams.
• Recommend new or revised security measures and countermeasures for current security challenges.
• Integrate DAST and SAST tools seamlessly into CI/CD pipelines.
• Collaborate with DevOps and Platform teams to ensure security considerations are embedded from the outset.
• Automate security testing (e.g., vulnerability scanning, static code analysis) within the deployment pipeline.
• Identify, create, and implement security standards for CI/CD pipelines and infrastructure deployment automations.
• Oversee the implementation and administration of logging and monitoring services to safeguard the security and integrity of applications.
• Create and maintain system documentation, architecture diagrams, and online collaborative documentation (e.g., Wiki) with high quality.
• Support software engineers in following the software delivery lifecycle and secure development practices.
• Assume a leadership role in knowledge transfer and skill development for team members.

Requirements

• 5+ years of demonstrable experience with AWS cloud security infrastructure and tools.
• Experience with three or more of the following AWS services: GuardDuty, CloudTrail, CloudWatch, Inspector, SecurityHub, TrustedAdvisor, Config, ControlTower / GuardRails.
• Experience using organizational cloud governance constructs (e.g., AWS Organizations including OUs and SCPs).
• Strong understanding and experience with IAM, including roles and policies.
• Strong understanding and experience with cloud access control & security mechanisms (e.g., ACL, Security Groups, VPCs).
• Strong knowledge of application development, systems engineering, and network engineering to develop security requirements and best practices, enterprise risk assessment methodologies.
• Experience with CI/CD pipeline tooling (Artifactory/ECR, GitHub Actions).
• Experience with tools such as CloudWatch, Config, Control Tower, Inspector, and Wiz.
• Ability to show initiative and translate business requirements and needs into technical, secure solutions.
• Excellent communication skills with the ability to communicate complex security concepts clearly and concisely.
• Experience mentoring other engineers.