Senior DevSecOps Engineer

About the position

The Senior DevSecOps Engineer is responsible for designing, implementing, and maintaining secure, scalable, and resilient development and operational processes across the organization. This role drives a security-first culture, ensuring that both existing and emerging platforms adhere to best practices in security, compliance, and reliability. In partnership with software development, architecture, QA, and operations teams, the Senior DevSecOps Engineer empowers continuous integration and delivery (CI/CD) pipelines, automates processes, and provides technical leadership in secure coding, vulnerability assessment, and remediation. This role also serves as a trusted advisor to leadership and key stakeholders, sharing best practices and emerging trends in DevSecOps.

Responsibilities

• Lead the design, implementation, and maintenance of CI/CD pipelines that integrate security controls at every stage.
• Ensure automated testing, vulnerability scanning, and compliance checks are performed continuously.
• Establish and maintain a robust application and infrastructure security posture, including vulnerability scanning, threat modeling, and penetration testing.
• Collaborate with development teams to remediate identified security gaps promptly.
• Architect and maintain secure cloud environments in Azure, AWS, or Google Cloud.
• Champion best practices for container orchestration, including Kubernetes security, network segmentation, and secure container images.
• Advance automation efforts for provisioning, configuration management, and infrastructure deployment (IaC).
• Define and document standardized operating procedures (SOPs) for secure infrastructure deployment and maintenance.
• Partner with cross-functional teams-developers, QA, architects, and operations-to embed security and DevOps principles in the software development lifecycle (SDLC).
• Mentor and coach junior team members on DevSecOps best practices and emerging technologies.
• Implement centralized logging, monitoring, and alerting solutions to track system health and security events.
• Develop incident response processes and lead post-incident reviews to identify root causes and implement improvements.
• Ensure adherence to relevant security and regulatory standards (NIST CSF, SOC 2, ISO 27001, PCI-DSS, HIPAA, etc.).
• Develop and maintain security policies, standards, and guidelines in collaboration with management and other stakeholders.
• Keep abreast of emerging trends and technologies in DevSecOps, cloud security, and application security.
• Evaluate and integrate new tools, technologies, and processes to enhance security, reliability, and efficiency.
• Understand and consistently perform in accordance with ATS Mission, Vision, and Values.
• Support ATS' culture by aligning actions, behaviors, performance, and decisions in accordance with the Company's values as set forth in our All-Employee Competencies.
• Complete work responsibilities outside of normal business hours as needed and infrequent travel may be required.
• Perform other duties and responsibilities as assigned.

Requirements

• A four-year degree in Computer Science, Software Engineering, Information Technology, or a related field.
• Five or more years of experience in DevOps, DevSecOps, or related roles.
• Deep knowledge of security tools and best practices, including vulnerability scanning, intrusion detection, and compliance frameworks (e.g., NIST CSF, SOC 2, ISO 27001, PCI-DSS, HIPAA).
• Strong background in cloud platforms (Microsoft Azure, AWS, or Google Cloud) with a focus on securing cloud infrastructure and services.
• Proficiency with containers (Docker, Kubernetes) and the secure configuration of containerized workloads.
• Experience with CI/CD pipelines (e.g., Jenkins, GitLab CI, GitHub Actions) and related automation tools.
• Familiarity with infrastructure-as-code tools (Terraform, Ansible, or CloudFormation) and their secure configurations.
• Experience with logging, monitoring, and alerting solutions (e.g., ELK Stack, Prometheus, Grafana) and best practices for security operations (SOC, SIEM, etc.).
• Strong understanding of application security (OWASP Top Ten, secure coding practices, SAST/DAST).
• Advanced analytical, conceptual, and creative problem-solving abilities.
• Ability to translate complex security or DevOps requirements into actionable solutions.
• Solid experience in generating standardized documentation for DevSecOps processes and best practices.
• Must be self-motivated, work independently, and be a team player amenable to a variety of work projects.
• Must maintain a high level of confidentiality.
• Must be able to demonstrate a proactive commitment to ATS corporate values and the success of all staff.
• Excellent interpersonal and communication skills (written, listening, and verbal).
• Willing and able to travel occasionally, including overnight travel.