DevSecOps Engineer

United States, New York
Permanent
Job ID: 2175

Job Description


[c. $220-280k Comp Package | Hybrid Working - 4 Days in Office]

Are you an accomplished DevSecOps Engineer ready to make a significant impact at a leading investment management firm? Our client, renowned for leveraging cutting-edge technology to drive financial innovation, is seeking a DevSecOps Engineer to enhance their Global Information Security team. This role offers a unique opportunity to lead the integration of robust security practices within a cloud-heavy, containerized environment while collaborating closely with developers and DevOps teams to build and manage secure frameworks from the ground up.


Key Responsibilities:

  • Collaborate with DevOps teams to design, implement, and manage a comprehensive DevSecOps framework, embedding security into the CI/CD pipeline
  • Promote and enforce secure coding practices, providing expert guidance on secure development methodologies
  • Manage CI/CD tools from a server level, ensuring their optimal performance and security
  • Develop and implement DevSecOps policies, standards, and training to build security awareness among developers
  • Create secure code frameworks and advise developers on security best practices
  • Implement and manage security testing tools (SAST, DAST, SCA, OSS) within the CI/CD pipeline
  • Automate security controls and compliance checks to ensure adherence to industry best practices and regulatory requirements
  • Troubleshoot and resolve security issues across the software development lifecycle
  • Continuously monitor emerging security threats and vulnerabilities, applying best practices to enhance security posture


Key Requirements:

  • 7+ years of experience in software development, DevOps, or security engineering with a strong emphasis on DevSecOps practices
  • Strong development background with an understanding of best practices in development, capable of effectively communicating with developers
  • Experience managing CI/CD tools such as GitHub, Jenkins, GitLab CI/CD, or Azure DevOps, not just using them but managing them at a server level
  • Proficiency in infrastructure-as-code tools like Terraform or CloudFormation
  • Strong scripting and automation skills using Python, Bash, or similar languages
  • Experience in Application Security, with the ability to create secure code and advise on secure framework design
  • Extensive experience with public cloud environments (AWS, Azure, GCP) and containerization technologies like Docker and Kubernetes
  • Familiarity with security frameworks and compliance standards, including NIST CSF, ISO 27001, and SOC 2
  • (Preferred) Experience within the financial services sector, with a preference for candidates who can navigate the complexities of building security frameworks without the constraints of larger firms


...


Apply for this role

All fields marked with * are required.

I confirm I have a pre-existing Right to Work in this location *

Back to Job Listings