Security Engineer (DevSecOps / Application Security)
Remote ok!
MUST HAVE demonstrated hands-on experience integrating application security tools into pipelines or workflows via APIs/CLIs
Client is seeking a Security Engineer (DevSecOps / Application Security) to support the development and deployment of an enterprise security platform that enables automated application security testing and integration across modern cloud environments.
This role focuses on building, maintaining, and deploying infrastructure-as-code, APIs, and integrations for a cloud-native security solution that connects multiple security tools into a unified DevSecOps framework. The ideal candidate is hands-on with Terraform, Python, AWS, and containerized application deployment, with a strong background in CI/CD automation and integrating AppSec tools.
This position is fully remote and ideal for a self-driven engineer who enjoys building automation, solving complex integration problems, and supporting scalable DevSecOps solutions.
- Support the development, automation, and deployment of an enterprise security platform used to orchestrate application security testing across cloud-native environments.
- Build and maintain integrations with security tools such as Apiiro, Invicti, Snyk (SCA & SAST), SonarQube, TruffleHog, and Wiz using APIs and CLIs.
- Develop and manage AWS infrastructure using Terraform, supporting services such as Lambda, ECS, ECR, API Gateway, VPC, Route53, DynamoDB, S3, and CloudWatch.
- Build, deploy, and manage containerized and serverless workloads across multiple AWS regions.
- Create and maintain CI/CD automations using CodeBuild, GitHub Actions, and related tooling.
- Debug, fix, and enhance platform functionality through feature requests and issue triage.
- Manage dependency builds and installations for Maven, Gradle, NPM, .NET Core, and Python applications.
- Work collaboratively with engineering, security, and operations teams to implement new integrations and platform enhancements.
- Participate in design discussions, planning sessions, and other collaborative activities that support platform growth and continuous improvement.
Qualifications & Experience:
- 4+ years of experience in DevSecOps, Cloud Engineering, or Application Security Engineering.
- Strong proficiency in AWS cloud architecture and Terraform for infrastructure automation.
- Solid scripting and programming skills in Python (additional experience in Node.js, .NET, or Java preferred).
- Proven experience deploying and maintaining containerized workloads using Docker and AWS ECS/Lambda.
- Hands-on experience integrating application security tools into pipelines or workflows via APIs/CLIs.
- Understanding of CI/CD pipelines and automation frameworks (CodeBuild, Jenkins, GitHub Actions).
- Familiarity with dependency management in Maven, Gradle, NPM, .NET Core, and Python ecosystems.
- Excellent debugging, problem-solving, and collaboration skills.
- Strong communication and self-management in a remote work environment.
Core Stack:
- Terraform
- Python
- AWS (Lambda, ECS, ECR, APIGW, VPC, VPCE, DynamoDB, Route53, CloudWatch, S3, CodeBuild)
- Docker
- GitHub
- REST APIs
Security Tools:
- Apiiro
- Invicti
- Snyk (SCA & SAST)
- SonarQube
- TruffleHog
- Wiz
