Senior DevSecOps Engineer - Secure CI​/CD & App Security

Senior Dev Sec Ops  Engineer – Application Security

Location:

New York, NY (hybrid: 3 days in office per week)

• Simplify automation that applies security inter‑workings with CI/CD pipelines.
• Learn and share advanced skills and practices that promote team excellence.
• Build relationships with developers, stakeholders, and scrum masters to incorporate security principles into engineering design and deployments.
• Supervise testing and validation of application security controls across projects.
• Oversee implementation of defensive practices and countermeasures across infrastructure and applications.
• Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads.
• Serve as a point of contact for security‑based escalations and remain involved through resolution.
• Build services and tools to enable developers and engineers to use security components produced by the Application Security team.
• Support the ability to shift‑left and incorporate security early on throughout the development lifecycle.
• Communicate vulnerability results in a clear manner to technical and non‑technical business units, aligning with risk tolerance and threat assessment, and gain support through influential messaging.
• Leverage vulnerability database sources to understand weakness, probability, and remediation options supplied by vendors, and workarounds.
• Join forces and provision security principles in architecture, infrastructure, and code.
• Regularly research and learn new tactics, techniques and procedures (TTPs) in public and closed forums, assess risk, and implement/validate controls as needed through the CI/CD pipeline.
• Enrich Dev Ops architecture with security standards and best practices.
• Partner with teams to define key performance indicators (KPIs) and metrics across business units.

• Bachelor's degree in Computer Science or related field, or at least 7+ years of experience in information technology, information security administration, or security operations.
• Experience with agile workflows, including Scrum and Kanban.
• Hands‑on experience with containers (Docker) and container orchestration (Docker Swarm, Kubernetes).
• Understanding of Dev Sec Ops  tooling:
  Terraform, Ansible, and CI/CD pipelines.
• Experience with operations and security across Amazon Web Services (AWS).
• Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface while performing rapid, continuous implementation.
• Proficient in designing, building, and deploying complex engineering solutions.
• Expert programming knowledge in Python; other languages a bonus.
• Interest in agentic software development, including developing agentic skills to accelerate feature requests and improve the quality of delivered solutions.
• Excellence in communicating business risk and remediation requirements from assessments.

• Generous time‑away and health benefits from day one, with flexible work options.
• 2‑for‑1 matching gifts for charitable contributions and access to annual grants for organizations you support.
• Access to on‑demand professional development resources.

Base salary range: $168,924 – $270,278 (New York). Eligible for an individual annual performance bonus, Capital’s annual profitability bonus, and a retirement plan with a 15% company contribution.

We are an equal‑opportunity employer; we comply with all federal, state, and local laws that prohibit discrimination. Our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking, or any other characteristic protected by law.