Staff DevSecOps Engineer

BeyondTrust is a place where you can bring your purpose to life through the work that you do, creating a safer world through our cyber security SaaS portfolio.

Our culture of flexibility, trust, and continual learning means you will be recognized for your growth, and for the impact you make on our success. You will be surrounded by people who challenge, support, and inspire you to be the best version of yourself.

The Role

As a Staff DevSecOps Engineer, you will help develop and implement our Engineering team’s DevSecOps strategy, with a strong focus on Static Application Security Testing (SAST) and CI/CD tooling. You will architect, implement, and scale security practices across our software development lifecycle, enabling secure and seamless deployments while maintaining compliance and governance standards. This role demands technical leadership, collaboration across teams, and a deep understanding of DevOps, security, and software development workflows.

What You’ll Do

• Develop best practices and tooling for implementing a DevSecOps approach that helps secure BeyondTrust’s CI/CD while enabling our Engineering teams to adopt these approaches seamlessly.
• Collaborate with cross-functional teams, including application security engineers, Engineering leadership, software engineers, SREs, and product managers, to drive secure development initiatives.
• Secure our codebases and pipelines from misuse, bad coding practices, vulnerable dependencies, and exposed secrets.

What You’ll Bring

• Develop and implement tooling for Static Application Security Testing (SAST) along with improving analytics in Github Security Centre.
• Implement a robust end-to-end process in partnership with Application Security teams for Code Scanning, Secret Scanning, and Dependency Reviews.
• Establish and enforce policies for secure code development and vulnerability management.
• Automate remediation workflows to streamline vulnerability fixes and improve code quality.

CI/CD Tooling and Pipeline Security

• Design and enhance secure CI/CD pipelines to ensure secure, automated, and reliable software delivery.
• Implement guardrails and security checks (e.g., static/dynamic analysis, software composition analysis) into CI/CD pipelines.
• Standardize and optimize tools like Jenkins, GitHub Actions, Azure DevOps, or other CI/CD platforms.

Security by Design

• Champion secure coding practices and lead efforts to embed security in all stages of the SDLC.
• Collaborate with development teams to identify and mitigate risks early in the development lifecycle.
• Provide technical leadership for implementing industry best practices in application security and cloud-native environments.

Automation and Infrastructure Security

• Develop and manage infrastructure-as-code (IaC) security processes.
• Automate security tasks, including testing, monitoring, and alerting for potential threats.
• Drive continuous improvement through automated patch management and dependency updates.

Compliance and Governance

• Ensure CI/CD and GitHub workflows comply with regulatory requirements (e.g., SOC 2, GDPR).
• Develop and maintain metrics and reporting to demonstrate the Engineering teams' security program effectiveness.

Leadership and Collaboration

• Serve as a subject-matter expert and mentor for engineers on DevOps and DevSecOps principles and tooling.
• Lead incident response and forensic investigations related to DevSecOps environments.

Requirements

• Bachelor’s degree in Computer Science, Engineering, or a related field; advanced degree preferred.
• 10+ years of experience in Operations, DevOps, DevSecOps, or related engineering roles.
• Expertise in building out application security pipelines and CI/CD platforms using tools such as GitHub Actions, Jenkins, and/or Azure DevOps.
• Proficiency in programming/scripting languages like Python, Go, or Typescript.
• Hands-on experience with IaC tools (Terraform, OpenTofu, CloudFormation) and cloud platforms (AWS, Azure).
• Strong understanding of application security, container security (Docker, Kubernetes), and cloud security (AWS or Azure Services) .
• Knowledge of modern software delivery paradigms, including microservices and serverless architectures.
• Familiarity with security frameworks and standards (OWASP, NIST, CIS).
• Exceptional problem-solving skills, communication, and ability to work in a fast-paced environment.

Nice To Have

• Certifications such as AWS Certified Security, Certified DevSecOps Professional, or CISSP.
• Experience with SAST/DAST tools like SonarQube or Burp Suite.
• Experience hardening SCM codebases using tools such as Legitify, Scorecard or Allstar.
• Experience rolling out GenAI tools for Software Engineers with a Security-First approach.

Better Together

Diversity. Inclusion. They’re more than just words for us. They are the guiding values of how we build our teams, cultivate leaders, and create a culture where people feel connected.

We take care of our employees so they can take care of our customers. Customers who come from all walks of life just like us. We hire incredible people from diverse backgrounds because when we are different together, we are stronger together.

About Us

BeyondTrust is the worldwide leader in intelligent identity and access security, enabling organizations to protect identities, stop threats, and deliver dynamic access. We are leading the charge in innovating identity-first security and are trusted by 20,000 customers, including 75 of the Fortune 100, plus a global ecosystem of partners.

Learn more at www.beyondtrust.com. 

#LI-BS1