Embed security into every stage of the software development lifecycle. Focus on advancing application security practices, integrating security controls into CI/CD pipelines, and automating security tooling. Strong expertise in application security, secure coding practices, and DevSecOps methodologies required.
Job Description
DevSecOps Engineer
Fully remote (working EST)
Salary: $128-170k
The DevSecOps Engineer (Application Security) is a highly technical role responsible for embedding security into every stage of the software development lifecycle. This individual will focus on advancing application security practices, integrating security controls into CI/CD pipelines, and automating security tooling to strengthen secure development practices.
The role requires strong expertise in application security, secure coding practices, and DevSecOps methodologies, along with a solid understanding of software development processes and foundational knowledge of infrastructure and operating systems.
Key Responsibilities
- Build strong relationships with developers, product stakeholders, and agile teams to integrate security into application design and delivery (20%)
- Perform security testing and validation of application security controls across multiple initiatives (15%)
- Implement and enhance defensive security practices across applications and supporting infrastructure (15%)
- Support and enforce CI/CD security strategies in collaboration with engineering and platform teams (10%)
- Apply expertise in SAST, SCA, DAST, and Infrastructure-as-Code (IaC) scanning tools and methodologies (20%)
- Identify vulnerabilities through automated scanning and manual code review; drive remediation efforts (10%)
- Apply threat modeling techniques to strengthen application design and reduce risk (10%)
- Act as an escalation point for application security issues and support resolution efforts
- Develop and improve tools and services that enable developers to adopt security best practices efficiently
- Automate and streamline security controls within CI/CD pipelines
- Support "shift-left" security initiatives by embedding security early in the SDLC
- Apply foundational cloud security knowledge, including IAM, container security, and baseline hardening practices
- Perform other duties as assigned
Required Qualifications
- Bachelor's degree (BA/BS) in Finance, Accounting, Business, Computer Science, or a related field, or equivalent professional experience
- 7+ years of experience in information technology, information security administration, or security operations
- Experience working in Agile environments, including Scrum and Kanban methodologies
- Strong understanding of container technologies (e.g., Docker) and container orchestration platforms (e.g., Kubernetes, Docker Swarm)
- Experience with infrastructure automation and configuration tools such as CloudFormation, Terraform, Ansible, and Jenkins
- Proficiency in securing Windows and Unix/Linux operating systems, endpoint applications, network protocols, and related infrastructure components
- Scripting experience in one or more of the following: Python, Bash, Perl, or PowerShell
- Solid understanding of application security principles and frameworks, including OWASP Top 10, CVSS scoring, MITRE ATT&CK, and the software development lifecycle (SDLC)
Preferred Certifications
- CISSP
- GIAC certifications (e.g., GCSA, GWAPT)
- AWS Security Specialty or related certifications