Practical experience with SAST, DAST, SCA, IAST, and related security tooling.
Requirements:
Identify, assess, and remediate application security vulnerabilities across web, API, and cloud environments.
Integrate and maintain security controls in CI/CD pipelines (SAST, DAST, SCA, container scanning, IaC security).
Collaborate with development and operations teams to embed secure coding practices and ensure “shift-left” security.
Conduct and support secure code reviews, threat modeling, and application risk assessments.
Job description
As a DevSecOps Engineer, the focus is on strengthening application security and
embedding modern DevSecOps practices across the development lifecycle. The role involves identifying and remediating application vulnerabilities, integrating security into every stage of the SDLC, and ensuring that robust security controls are implemented and maintained in CI/CD pipelines.
Day-to-day responsibilities include designing and automating security controls, performing secure code and pipeline reviews, monitoring vulnerabilities, and collaborating with development and operations teams to drive “security by design.” By doing so, this role adds direct value to the Technology Department, working closely with all tribes to reduce risk exposure, enable faster and more secure software delivery, and foster a culture where security becomes a natural part of innovation and growth.
Responsibilities:
Identify, assess, and remediate application security vulnerabilities across web, API, and cloud environments.
Integrate and maintain security controls in CI/CD pipelines (e.g., SAST, DAST, SCA, container scanning, IaC security).
Collaborate with development and operation teams to embed secure coding practices and ensure “shift-left” security.
Conduct and support secure code reviews, threat modeling, and application risk assessments.
Develop automation and scripts to enforce security checks in the pipeline.
Monitor, triage, and remediate findings from application security tools.
Stay current with industry trends, frameworks, and emerging threats (OWASP, MITRE ATT&CK, NIST).
Contribute to security guidelines, standards, and training for developers.
Requirements:
Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or equivalent experience.
Proven experience in DevSecOps, Application Security, or Secure Software Development(3+ years).
Good programming skills in programming languages such as PHP, JavaScript, Python, or Java.
