DevSecOps Engineer

Submit your application and resume through our online form. We'll review your qualifications and get back to you soon.

Silpa Companies, LLC is a national IT consulting and staffing firm empowering organizations across multiple industries through a blend of AI adoption, Master Data Management, Data and Analytics, Cybersecurity, Cloud Engineering, Dev Sec Ops /Git Ops, Fractional C-Suite leadership, Digital Transformation, and M&A advisory for private equity and software ventures.

Silpa Companies is seeking a hands-on Dev Sec Ops  Engineer for contract, project-based engagements across our cloud engineering, application security, and platform delivery portfolio. You will embed with client engineering teams to build, secure, and automate the pipelines, infrastructure, and delivery workflows that power modern software organizations. This role sits at the intersection of development, operations, and security. You are not a policy writer or an auditor.

You are an engineer who builds secure systems, automates security controls into pipelines, and hardens cloud infrastructure across Azure, AWS, and GCP. You are comfortable writing Terraform, tuning a SIEM alert, reviewing a Docker file for security misconfigurations, and advising a development team on secrets management in the same week. Versatility and technical depth are what make this role work.

• Design, build, and maintain secure CI/CD pipelines using Git Hub Actions, Azure Dev Ops, Jenkins, Git Lab CI, or equivalent tooling.
• Integrate SAST, DAST, SCA, container scanning, and secrets detection tools directly into pipeline workflows.
• Enforce security gates, policy-as-code checks, and compliance controls as automated pipeline steps.
• Manage pipeline secrets, service credentials, and environment configurations using vault solutions (Hashi Corp Vault, AWS Secrets Manager, Azure Key Vault).
• Continuously improve pipeline performance, reliability, and security posture across client delivery environments.
• Design and implement secure cloud infrastructure across Azure, AWS, and GCP using infrastructure-as-code (Terraform, Bicep, Cloud Formation, Pulumi).
• Harden cloud environments against misconfigurations using tools such as Prisma Cloud, Wiz, Defender for Cloud, or AWS Security Hub.
• Implement and manage identity and access controls including IAM policies, service accounts, RBAC, and least-privilege enforcement.
• Configure and maintain network security controls including VPCs, security groups, private endpoints, and zero-trust network access patterns.
• Monitor cloud environments for security events, anomalies, and compliance drift using SIEM and cloud-native observability platforms.
• Secure containerized workloads and Kubernetes clusters including pod security policies, network policies, image scanning, and runtime protection.
• Manage and harden Kubernetes environments across AKS, EKS, and GKE.
• Enforce image provenance, vulnerability scanning, and supply chain security practices across container registries.
• Partner with development teams to shift security left and build a culture of secure-by-default engineering.
• Conduct architecture reviews and threat modeling sessions to identify security risks early in the development lifecycle.
• Produce clear documentation for pipelines, runbooks, security controls, and infrastructure configurations.
• Support incident response activities including forensic data collection, environment containment, and post-incident hardening.
• Assess and harden AI-powered applications and LLM integrations against threats defined in the OWASP LLM Top 10.
• Integrate AI-specific security scanning and validation controls into CI/CD pipelines for applications that consume LLM APIs or deploy ML models.
• Evaluate and enforce data privacy and access controls for AI workloads including RAG pipelines, vector databases, fine-tuning datasets, and model endpoints.
• Support secure deployment of AI services across Azure OpenAI, AWS Bedrock, and Google Vertex AI including network isolation, identity controls, and logging.

• 3 or more years of hands-on Dev Sec Ops , platform engineering, or cloud security engineering…