Senior DevSecOps Engineer

Senior Dev Sec Ops  Engineer – Application Security

As a Senior Dev Sec Ops  Engineer within the Application Security team, you will support, secure, manage and deploy solutions that protect the software delivery lifecycle for enterprise applications. This is a highly technical role, requiring a strong understanding of automation, CI/CD infrastructure, software development, and cloud services. Knowledge of information security and application security tools is highly desirable.

The Dev Sec Ops  engineer supports the security of continuous integration and continuous deployment (CI/CD) initiatives and works closely with software developers, system engineers, cybersecurity engineers, and systems administrators. The role is security‑focused and helps CI/CD pipelines deliver secure software at scale while maintaining developer empathy and engineering excellence. Responsibilities include ensuring security tool output quality, removing false positives, and using data and metrics to improve integrated tools.

This role is hybrid (in‑office 3 days per week) in New York, NY.

• Simplify automation that applies security with CI/CD pipelines.
• Consistently learn and share advanced skills and practices that promote team excellence.
• Build relationships with developers, stakeholders and scrum masters to incorporate security principles into engineering design and deployments.
• Supervise testing and validation of application security controls across projects.
• Oversee implementation of defensive practices and countermeasures across infrastructure and applications.
• Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads.
• Serve as a point of contact for security‑based escalations and remain tightly involved through resolution.
• Build services and tools to enable developers and engineers to easily use security components produced by the Application Security team.
• Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle.
• Communicate vulnerability results in a manner understood by technical and non‑technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
• Leverage vulnerability database sources to understand weaknesses, probability, and remediation options supplied by vendors and workarounds.
• Join forces and provision security principles in architecture, infrastructure, and code.
• Regularly research and learn new tactics, techniques and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement/validate controls through the CI/CD pipeline.
• Enrich Dev Ops architecture with security standards and best practices.
• Partner with teams to define key performance indicators (KPIs) and metrics across business units.

• Bachelor’s degree in Computer Science or related field and/or at least 7+ years’ experience in information technology, information security administration or security operations.
• Experience with agile workflows, including Scrum and Kanban.
• Hands‑on experience of containers (e.g., Docker) and container orchestration (e.g., Docker Swarm, Kubernetes).
• Understanding of Dev Sec Ops  tooling, including Terraform, Ansible, and CI/CD pipelines.
• Experience with operations and security across Amazon Web Services (AWS).
• Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface while performing rapid, continuous implementation.
• Proficient in designing, building, and deploying complex engineering solutions.
• Expert programming knowledge in Python. Other languages a bonus.
• Interested in agentic software development, including developing agentic skills to accelerate feature requests and improve the quality of solutions delivered.
• Excellence in communicating business risk and remediation requirements from assessments.

• Enjoy generous time‑away and health benefits from day one, with the opportunity for flexible work options.
• Receive 2‑for‑1 matching gifts for your charitable contributions and the opportunity to secure annual grants for the organizations you…