
DevSecOps Engineer

Roles & Responsibilities

  • 3-5+ years of experience managing CI/CD pipelines within cloud-native environments (Azure DevOps strongly preferred)
  • Hands-on experience deploying and managing containerized workloads (Docker, Kubernetes) in a secure and scalable way
  • Advanced knowledge of Azure DevOps, Azure Kubernetes Service (AKS), Azure Container Registry (ACR), and Microsoft Sentinel/KQL
  • Demonstrated experience integrating security tooling into DevOps pipelines (SAST/DAST, policy-as-code, IaC validation)

Requirements:

  • Manage the Detections as Code (DaC) lifecycle for threat detection logic using KQL or Sigma formats, with Git-based version control and automated deployments
  • Harden and maintain Azure DevOps pipelines, agents, and CI/CD workflows for software and detection releases in high-compliance environments
  • Administer and secure the Azure Container Registry (ACR), ensuring containers are scanned, patched, and aligned to STIG before production
  • Implement Shift Left security by integrating SAST, DAST, and compliance scans into build pipelines to identify vulnerabilities early; collaborate with Threat Intelligence and SOC to deploy detections into Microsoft Sentinel

Job description

Job Title: DevSecOps Engineer (Detection & Pipeline Security)

Pay Type: SALARIED EXEMPT 

Location: Remote

Citizenship Requirement: U.S. Citizen (Required)

Summary of Position Role/Responsibilities

The DevSecOps Engineer (Detection & Pipeline Security) plays a pivotal role at the crossroads of DevOps, Security Engineering, and Threat Detection. This position is responsible for managing secure CI/CD pipelines across high-compliance environments and ensuring detection logic is deployed and maintained with the same rigor as application code.

This engineer will own the secure release management of Quzara’s Authorized Platforms while operationalizing “Shift Left” principles—integrating security scanning, container validation, and detections into early stages of the development lifecycle. The ideal candidate is deeply technical, thrives in high-security environments, and collaborates closely with both engineering and SOC teams.

Essential Functions of the Job

  • Manage the Detections as Code (DaC) lifecycle for threat detection logic using KQL or Sigma formats, implementing version control (Git) and automated deployment pipelines.
  • Harden and maintain Azure DevOps (ADO) pipelines, agents, and related CI/CD workflows for both software and detection releases in high-compliance environments.
  • Administer and secure the Azure Container Registry (ACR), ensuring containers are scanned, patched, and aligned to STIG compliance prior to production deployment.
  • Implement Shift Left security techniques by integrating SAST, DAST, and compliance scans directly into build pipelines to identify vulnerabilities early.
  • Partner with the Threat Intelligence and SOC teams to automate deployment of detection content, hunting queries, and analytics into Microsoft Sentinel and related tools.
  • Build and maintain secure CI/CD templates, YAML pipelines, and secrets management for infrastructure, detection logic, and application components.
  • Provide audit evidence and documentation to support FedRAMP, FISMA, and CMMC continuous monitoring efforts.
  • Stay current with container, cloud, and CI/CD security innovations and implement them in real-time across production systems.

Marginal Functions of the Job

  • Other duties as assigned

Normal Work Schedule

This is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job.

Education, Training, and Experience

  • Prior experience in a DevSecOps or Security Engineering role is required (Candidates must have both DevOps experience and security background)
  • 3–5+ years’ experience managing CI/CD pipelines within cloud-native environments (Azure DevOps strongly preferred).
  • Hands-on experience deploying and managing containerized workloads (Docker, Kubernetes) in a secure and scalable way.
  • Advanced knowledge of Azure DevOps, Azure Kubernetes Service (AKS), Azure Container Registry, and Microsoft Sentinel/KQL.
  • Demonstrated experience integrating security tooling into DevOps pipelines (SAST/DAST, policy-as-code, IaC validation, etc.).
  • Strong familiarity with compliance frameworks such as FedRAMP, CMMC, or FISMA, and their technical enforcement in the SDLC.

Preferred Certifications

  • Microsoft Certified: DevOps Engineer Expert (AZ-400)
  • Microsoft Certified: Azure Security Engineer Associate (AZ-500)
  • Additional certifications such as SC-200 (Security Operations Analyst) or Kubernetes Security Specialist (CKS) are a plus.

EEO Statement

The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.
