DevSecOps Engineer

Job in New York, New York County, New York, 10261, USA
Listing for: Lockedinai
Full Time position
Listed on 2026-06-06
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager, Systems Engineer, Network Security
Salary/Wage Range or Industry Benchmark: 140000 - 195000 USD Yearly
Location: New York

Job Title: DevSecOps Engineer
Compensation: $140,000 – $195,000 USD / yr

## Role Overview

We are looking for a security-minded, automation-first DevSecOps Engineer to embed security into every stage of Locked In AI’s software development and deployment lifecycle. This is a shift-left security role — you will ensure that security is not an afterthought bolted on at the end, but a fundamental part of how code is written, tested, built, deployed, and operated across a platform serving over 1 million users.

As a DevSecOps Engineer, you will sit at the intersection of development, security, and operations. Your scope spans the entire software delivery pipeline — from secure coding practices and automated security testing in CI/CD pipelines, to infrastructure hardening and container security, to runtime monitoring and incident response.

The ideal DevSecOps Engineer combines strong software engineering and DevOps skills with deep security expertise. You automate everything — from static and dynamic analysis in the build pipeline to vulnerability scanning in production. You understand that security at startup speed means building automated systems that protect without slowing anyone down.

## Key Responsibilities

### Secure CI/CD Pipeline Engineering
* Design, implement, and maintain security-integrated CI/CD pipelines that automate security testing at every stage — from code commit through build, test, staging, and production deployment
* Embed SAST, DAST, SCA, and secret scanning into automated build pipelines — ensuring vulnerabilities are caught before code reaches production
* Implement container image scanning, infrastructure-as-code security validation, and dependency vulnerability checks as mandatory gates in the deployment pipeline
* Build automated policy enforcement that blocks deployments failing security thresholds while providing developers with clear, actionable remediation guidance

### Application Security & Secure Development Practices
* Champion shift-left security practices — working directly with development teams to integrate secure coding standards, threat modeling, and security reviews early in the development process
* Conduct security code reviews, architecture reviews, and threat modeling sessions for new features and services — identifying risks and recommending mitigations before code is written
* Develop and maintain secure coding guidelines, security patterns, and reusable security libraries that make it easy for developers to build secure features by default
* Track and remediate application vulnerabilities — managing the vulnerability lifecycle from discovery through prioritization, remediation, and verification

### Infrastructure Security & Cloud Hardening
* Implement infrastructure security best practices across cloud environments (AWS, GCP, or Azure) — including network segmentation, least-privilege IAM policies, encryption at rest and in transit, and security group management
* Secure containerized environments — hardening Docker images, configuring Kubernetes security policies (network policies, pod security standards, RBAC), and implementing runtime container security monitoring
* Manage Infrastructure as Code (IaC) security — scanning Terraform, Pulumi, or CloudFormation templates for misconfigurations, compliance violations, and security risks before deployment
* Implement secrets management solutions (HashiCorp Vault, AWS Secrets Manager, or similar) that eliminate hardcoded credentials and enforce secure secret rotation and access controls

### Security Monitoring, Detection & Incident Response
* Build and maintain security monitoring and alerting systems — implementing SIEM integration, log aggregation, and anomaly detection that provide real-time visibility into security events across the platform
* Develop detection rules, correlation queries, and automated response playbooks that identify and respond to security incidents — including unauthorized access, suspicious API activity, and infrastructure anomalies
* Participate in on-call security rotations and lead security incident response — coordinating investigation, containment, remediation, and post-incident…