Position Summary
We are seeking an experienced DevSecOps Security Engineer to join our Information Security team to drive cloud security initiatives and secure development practices across our AWS and Azure environments. This role is integral to our comprehensive security transformation program, focusing on implementing security controls, governance frameworks, and automated security practices in our multi-cloud infrastructure. The ideal candidate will bridge the gap between security, development, and operations teams while supporting our NIST CSF 2.0 and CIS Controls alignment initiatives.
As part of our growing security organization supporting 10,000+ employees across multiple branch locations, this position will play a critical role in establishing cloud security standards, implementing infrastructure security controls, and enabling secure development practices across the enterprise.
Key Responsibilities
Cloud Security Governance and Architecture
AWS and Azure Security Implementation
- Design, implement, and maintain security controls across AWS and Azure cloud environments
- Develop and enforce cloud security policies, standards, and governance frameworks
- Implement Infrastructure as Code (IaC) security best practices using Terraform, CloudFormation, and ARM templates
- Configure and manage cloud-native security services (AWS Security Hub, Azure Security Center, AWS Config, Azure Policy)
- Establish and maintain cloud security baselines and configuration standards
Security Architecture and Design
- Collaborate with architecture teams to design secure cloud solutions aligned with business requirements
- Conduct security reviews of cloud architecture designs and infrastructure changes
- Implement network security controls including VPCs, security groups, NACLs, and micro-segmentation
- Design and implement identity and access management (IAM) policies and role-based access controls
- Establish secure networking patterns including VPN configurations, private endpoints, and hybrid connectivity
Compliance and Risk Management
- Support SOC 2, PCI DSS, and potential GDPR compliance requirements in cloud environments
- Implement continuous compliance monitoring and automated remediation workflows
- Conduct regular security assessments and risk evaluations of cloud infrastructure
- Maintain compliance documentation and evidence collection for audit purposes
- Support third-party risk assessments for cloud service providers and integrations
DevSecOps Implementation and Automation
CI/CD Pipeline Security
- Integrate security scanning tools into CI/CD pipelines (SAST, DAST, dependency scanning)
- Implement automated security testing and vulnerability assessment workflows
- Design and maintain secure deployment pipelines with approval gates and security checkpoints
- Establish container security scanning and compliance validation processes
- Implement secrets management solutions and secure credential handling practices
Infrastructure Security Automation
- Develop and maintain security automation scripts using Python, PowerShell, or similar languages
- Implement infrastructure security monitoring and alerting systems
- Create automated remediation workflows for common security misconfigurations
- Establish security metrics collection and reporting automation
- Build and maintain security-focused infrastructure monitoring dashboards
Tool Integration and Management
- Deploy, configure, and maintain cloud security posture management (CSPM) tools
- Integrate security tools with existing SIEM, XDR, and security operations platforms
- Implement and manage vulnerability scanning solutions for cloud infrastructure
- Establish log aggregation and security event correlation for cloud environments
- Manage security tool licenses, updates, and vendor relationships
Security Operations Support
Incident Response and Investigation
- Provide cloud security expertise during security incident investigations
- Analyze cloud logs and telemetry data for security event correlation
- Support forensic analysis of cloud-based security incidents
- Participate in incident response activities and on-call rotation as needed
- Collaborate with SOC team on cloud-specific threat hunting activities
Monitoring and Threat Detection
- Implement and tune cloud security monitoring rules and alerting
- Develop custom detection logic for cloud-specific attack patterns
- Support threat hunting initiatives in cloud environments
- Analyze security events and investigate potential security threats
- Contribute to threat intelligence gathering and IOC development
Training and Collaboration
Cross-Team Collaboration
- Work closely with development teams to implement secure coding practices
- Collaborate with IT operations teams on secure infrastructure deployment
- Partner with security champions program to drive cloud security awareness
- Support branch security initiatives with cloud security expertise
- Participate in security architecture review boards and technical committees
Knowledge Sharing and Training
- Develop and deliver cloud security training materials for technical teams
- Create documentation for cloud security procedures and best practices
- Mentor junior team members on DevSecOps practices and cloud security
- Stay current with cloud security trends, threats, and best practices
- Contribute to security awareness programs with cloud security content
Required Qualifications
Education
- Bachelors degree in Computer Science, Information Security, Engineering, or related technical field
- Equivalent combination of education and experience will be considered
Experience
-
5+ years
of experience in information security, cloud security, or DevOps roles -
3+ years
hands-on experience with AWS and Azure cloud platforms -
2+ years
experience implementing DevSecOps practices and CI/CD security integration - Demonstrated experience with Infrastructure as Code (Terraform, CloudFormation, ARM templates)
- Experience with containerization technologies (Docker, Kubernetes) and container security
- Background in security frameworks such as NIST CSF, CIS Controls, or ISO 27001
Technical Skills
Cloud Platforms
-
AWS:
EC2, VPC, IAM, Security Hub, Config, CloudTrail, GuardDuty, Systems Manager -
Azure:
Virtual Machines, Virtual Networks, Azure AD, Security Center, Policy, Monitor - Multi-cloud security architecture and governance experience
- Cloud cost optimization and resource management
DevSecOps Tools and Practices
- CI/CD platforms (Jenkins, Azure DevOps, GitLab CI, GitHub Actions)
- Static Application Security Testing (SAST) tools (SonarQube, Checkmarx, Veracode)
- Dynamic Application Security Testing (DAST) tools (OWASP ZAP, Burp Suite)
- Container security tools (Twistlock, Aqua Security, Falco)
- Infrastructure scanning tools (Nessus, Qualys, Rapid7)
Programming and Scripting
-
Python
or PowerShell
for automation and scripting - Infrastructure as Code languages (HCL for Terraform, YAML for CloudFormation)
- Basic understanding of common programming languages (Java, .NET, JavaScript)
- Git version control and branching strategies
- API integration and REST/JSON proficiency
Security Tools and Technologies
- SIEM platforms (Splunk, QRadar, Azure Sentinel, AWS Security Lake)
- Vulnerability management platforms
- Identity and Access Management systems
- Network security tools and protocols
- Encryption technologies and PKI management
Certifications (Preferred)
-
AWS:
AWS Certified Security - Specialty, AWS Certified Solutions Architect -
Azure:
Azure Security Engineer Associate, Azure Solutions Architect Expert -
Security:
CISSP, GSEC, GCIH, or equivalent security certifications -
DevOps:
Certified Kubernetes Administrator (CKA), Docker Certified Associate -
Compliance:
Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC)
Preferred Qualifications
Advanced Experience
- Background supporting SOC 2 Type II, PCI DSS, or GDPR compliance programs
- Experience with multi-branch or distributed organization security challenges
- Previous experience with security program transformation initiatives
Technical Expertise
- Advanced knowledge of threat modeling and security architecture principles
- Experience with zero-trust security architecture implementation
- Knowledge of machine learning/AI applications in security
- Experience with serverless security (AWS Lambda, Azure Functions)
- Advanced scripting and automation capabilities
Leadership and Communication
- Experience mentoring junior technical staff
- Strong project management and cross-functional collaboration skills
- Experience presenting to executive leadership and board members
- Background in developing security policies and procedures
Key Competencies
Technical Competencies
-
Cloud Security Expertise:
Deep understanding of cloud security principles, threats, and controls -
DevSecOps Implementation:
Ability to integrate security into development and deployment processes -
Automation and Scripting:
Strong automation skills to improve efficiency and consistency -
Problem-Solving:
Analytical thinking and creative problem-solving abilities -
Continuous Learning:
Commitment to staying current with evolving technologies and threats
Professional Competencies
-
Communication:
Excellent written and verbal communication skills with both technical and business stakeholders -
Collaboration:
Ability to work effectively across teams and departments -
Adaptability:
Flexibility to work in a fast-paced, evolving environment -
Initiative:
Self-motivated with ability to work independently and drive projects to completion -
Attention to Detail:
Thoroughness and accuracy in technical implementation and documentation
Integration with Security Program
Alignment with Strategic Initiatives
This role directly supports several key initiatives from our comprehensive security program:
-
Cloud Security Strategy (Q4 2025):
Lead implementation of cloud security architecture and controls -
Secure Software Development Framework (Q2 2026):
Establish secure SDLC processes and DevSecOps practices -
GRC Platform Implementation (Q4 2025):
Support compliance automation and governance workflows -
Asset Management Program (Q4 2025):
Contribute to cloud asset discovery and classification -
Security Champions Program:
Collaborate with champions to drive cloud security awareness
Security Framework Alignment
- Support NIST CSF 2.0 implementation across Identify, Protect, Detect, Respond, and Recover functions
- Contribute to CIS Controls implementation, particularly Controls 3 (Data Protection), 4 (Secure Configuration), and 12 (Network Infrastructure Management)
- Enable SOC 2 compliance through automated control implementation and evidence collection
Organizational Integration
-
SOC Collaboration:
Provide cloud expertise to security operations and incident response activities -
Branch Security Support:
Develop cloud security standards applicable across all branch locations -
Vendor Management:
Support third-party risk assessments for cloud service providers -
Training and Awareness:
Contribute to security awareness programs with cloud security content
