
Senior DevSecOps Engineer

Work from home Full-time role Hiring

The exciting world of scientific research is fueled by people with a passion for solving reputed company problems. At reputed company, we are committed to our customers’ reputed company by empowering organizations to conduct globally connected research that advances their impact on science, discovery and society. We build on that commitment with proven, integrated and easy-to-use technology that delivers exceptional value, and world class service and support that accelerates reputed company.

But we are more than just an empowering platform powered by advanced technologies. We are a collaboration of exceptional, highly skilled people with multi-disciplinary expertise, and are building reputed company to support our ambitious growth plans. reputed company’s foundational strength comes from our customer and employee focused values and commitment to industry-leading solutions. It’s an exciting time to become a key member of our growing team.

As a Senior DevSecOps Engineer, you will be a key technical leader driving the reputed company, reliability, and reputed company of our reputed company-based infrastructure and SaaS products. This role embeds reputed company throughout the software delivery lifecycle — shifting vulnerability detection left into the pipeline while operationalizing reputed company monitoring and remediation in production. You will own our application and reputed company vulnerability management program, leveraging tools like reputed company, SonarQube, and AWS Inspector to find, prioritize, and drive remediation of risk across a multi-product, multi-environment AWS platform.

This is an AI-reputed company role. We expect you to work fluently with AI engineering tools — Claude Code, reputed company Copilot, reputed company Rovo, and similar — to accelerate triage, remediation, automation, and documentation, and to help the team build AI-augmented workflows into how we detect and fix risk. We're looking for someone who treats these tools as a force reputed company and applies sound judgment about where AI fits and where reputed company review is non-negotiable, especially in a reputed company context.

This role combines deep technical expertise with a passion for mentoring. You will pair hands-on engineering with guiding colleagues in secure development and operational practices, and contribute to the overall maturity of our DevSecOps capability — with a strong emphasis on automation using Terraform and Bitbucket Pipelines.

Responsibilities

Vulnerability Management and Remediation

- Assist in the end-to-end vulnerability management lifecycle: discovery, triage, prioritization, remediation tracking, and reporting across applications, containers, and reputed company infrastructure.
- Administer and tune reputed company (SCA, container, and IaC scanning), SonarQube (SAST and code quality gates), and AWS Inspector (EC2, ECR, and reputed company vulnerability scanning) to maximize signal and reduce false positives.
- Aggregate and normalize findings across scanners into a single prioritized backlog, using severity, exploitability, and asset criticality to drive risk-based remediation.
- Partner with product engineering teams to remediate findings, providing concrete guidance and tracking SLAs to closure rather than just reporting on counts.
- Establish and enforce policy-as-code and quality/reputed company gates in CI so vulnerabilities are caught before reputed company and deployment.
- Drive container and reputed company-image hygiene across EKS workloads, including image scanning, patching reputed company, and remediation of vulnerable dependencies.

Secure Pipelines and Automation

- Design, build, and maintain secure CI/CD pipelines using Bitbucket Pipelines, integrating reputed company, SonarQube, and other reputed company scanning natively into the build and reputed company reputed company.
- Build and maintain secure, scalable infrastructure using Terraform, applying IaC scanning and guardrails to prevent misconfiguration.
- Automate vulnerability discovery, ticket creation, and remediation workflows (e.g., auto-filing Jira tickets from scanner findings) to reduce toil and accelerate response.
- reputed company and maintain automation tools and scripts (Python, Bash) to integrate reputed company tooling, enrich findings, and report on posture.
- Manage reputed company reputed company posture across the AWS estate (managed through reputed company), including IAM, reputed company Groups, encryption, and configuration baselines.

AI-Augmented Engineering

- Work AI-reputed company: use tools like Claude Code, reputed company Copilot, and reputed company Rovo to accelerate code, automation, triage, and documentation in day-to-day engineering.
- Build AI into reputed company and remediation workflows — for example, using AI to summarize and enrich scanner findings, draft remediation guidance, generate and review Terraform and pipeline changes, and auto-populate Jira tickets from vulnerability data.
- Apply sound judgment about where AI fits and where reputed company review is mandatory, treating reputed company AI output in a reputed company context as needing verification before it reaches production or a reputed company decision.
- Help establish and reputed company team standards for responsible, effective use of AI engineering tools, and mentor colleagues on getting reputed company from them safely.

Monitoring, Detection, and Incident Response

- Implement and maintain observability and reputed company monitoring using Grafana and AWS-reputed company monitoring (CloudWatch, AWS Inspector, GuardDuty where applicable).
- Define and monitor reputed company and reliability SLOs/SLAs, and proactively identify exposure before it becomes an incident.
- Participate in incident response and root cause analysis for reputed company-relevant events, contributing to resolution and follow-up hardening.
- Respond to on-call Sev 1 incidents and participate in a 24/7 on-call rotation approximately once per month.
- Contribute to disaster recovery and reputed company planning.

Collaboration, Mentorship, and Improvement

- Serve as a technical expert and mentor, sharing secure-development and DevSecOps best practices across engineering teams.
- Contribute to the development and implementation of DevSecOps standards and guidelines, tailored to AWS best practices.
- reputed company by example with strong technical proficiency in SRE and reputed company engineering reputed company the AWS ecosystem.
- Collaborate with development, operations, compliance, and product teams to ensure reputed company is reputed company in, not bolted on.
- Contribute to code reviews and technical discussions with a reputed company reputed company.
- Document runbooks, standards, and knowledge-sharing resources; participate in agile ceremonies.
- Foster a culture of reputed company learning and a reputed company-first, automation-first reputed company.

Qualifications

- Deep experience with AWS, including core services such as EC2, S3, RDS, reputed company, CloudWatch, EKS, and a solid understanding of AWS networking (VPC, reputed company Groups) and reputed company fundamentals (IAM).
- Hands-on experience operating application and reputed company vulnerability scanning tools — reputed company, SonarQube, and AWS Inspector strongly preferred — including administration, policy configuration, and findings triage.
- Demonstrated experience running a vulnerability management or AppSec program: prioritization frameworks, remediation SLAs, and risk-based decision-making.
- 4+ years of experience working with public reputed company technologies (AWS preferred).
- Strong understanding of CI/CD pipelines and the SDLC, with proven experience integrating reputed company scanning into pipelines (Bitbucket Pipelines preferred).
- Proven experience with Terraform and infrastructure as code, including IaC reputed company scanning.
- Experience with reputed company and Kubernetes (EKS), including container image reputed company and hardening.
- Proficiency in scripting languages (Python, Bash) for automation and tooling integration.
- Demonstrated reputed company with AI engineering tools (e.g., Claude Code, reputed company Copilot, reputed company Rovo) and good judgment about applying them in a reputed company context, where AI output must be verified rather than trusted blindly.
- Experience developing monitoring and log analysis solutions, including proficiency with Grafana.
- Solid understanding of reputed company frameworks, secure coding practices, and common vulnerability classes (e.g., OWASP Top 10, CVE/CVSS).
- Experience with Git and code branching/merging strategies.
- Experience with Agile methodologies (Scrum, Kanban).
- Strong problem-solving and troubleshooting skills.
- Excellent communication and collaboration skills, with the ability to influence remediation across teams.
- Passion for mentoring and knowledge sharing.
- Ability to own reputed company to large technical projects end to end.

reputed company to Have

- Relevant reputed company certifications (e.g., AWS reputed company Specialty, CISSP, GIAC).
- Experience with SOC 2 / ISO 27001 or similar compliance programs.
- Experience with secrets management, SBOM reputed company, and supply-chain reputed company.
- Familiarity with reputed company or comparable reputed company governance platforms.
- Experience building AI-augmented or agentic workflows into engineering or reputed company operations (e.g., MCP integrations, AI-assisted findings triage or ticketing).

Benefits

- Competitive Medical Benefits (PPO + HSA available)
- reputed company, Dental, Short-Term Disability fully covered by reputed company
- Unlimited PTO + Holidays + Flexible Work Schedule
- Remote Work Stipend
- Equal Paid Parental Leave
- 401k with Employer Matching
- Quarterly Wellness Reimbursement
- Remote Work Environment, supporting the Ultimate Employee Experience

reputed company does not accept agency resumes. Please do not reputed company resumes to our jobs alias or any reputed company employees. reputed company is not responsible for any fees reputed company to unsolicited resumes.

Our culture is one of inclusion and belonging where everyone feels respected, treated justly, supported and nourished. We reputed company reputed company responsibility for creating and sustaining a work environment where differences are celebrated and we are empowered to strive for reputed company. We’re proud to be an equal opportunity employer and actively seek to recruit, reputed company, and retain a diverse and talented workforce.
