Overview
On Site
Full Time
Skills
Data Analysis
Value Engineering
Innovation
Bridging
Collaboration
RBAC
Management
Apache Velocity
Scripting
Terraform
Jenkins
Security Controls
Incident Management
Software Development
Workflow
Release Engineering
Cyber Security
GitHub
DevOps
GitLab
OIDC
Cloud Computing
Amazon Web Services
Microsoft Azure
Google Cloud Platform
Google Cloud
Oracle Policy Automation
Software Development Methodology
Continuous Integration
Continuous Delivery
Auditing
SIEM
Supply Chain Management
Health Care
Legal
Insurance
Training
Augmented Reality
Testing
Job Details
CI/CD Security Engineer
Job Description
Overview
CoStar Group (NASDAQ: CSGP) is a leading global provider of commercial and residential real estate information, analytics, and online marketplaces. Included in the S&P 500 Index and the NASDAQ 100, CoStar Group is on a mission to digitize the world's real estate, empowering all people to discover properties, insights and connections that improve their businesses and lives.
We have been living and breathing the world of real estate information and online marketplaces for over 35 years, giving us the perspective to create truly unique and valuable offerings to our customers. We've continually refined, transformed and perfected our approach to our business, creating a language that has become standard in our industry, for our customers, and even our competitors. We continue that effort today and are always working to improve and drive innovation. This is how we deliver for our customers, our employees, and investors. By equipping the brightest minds with the best resources available, we provide an invaluable edge in real estate.
Our Product Security team is seeking a CI/CD Security Engineer to take ownership of critical systems that underpin our software development lifecycle. This role is ideal for someone with a DevOps mindset and a passion for secure engineering practices. You'll be responsible for managing and securing platforms such as Azure DevOps, GitHub Enterprise, and HashiCorp Vault, ensuring they are resilient, compliant, and aligned with security best practices.
This position bridges the gap between cybersecurity and DevOps, offering a unique opportunity to lead systemic improvements in how code repositories, build pipelines, and secrets vaults are governed. You'll collaborate closely with development and operations teams to identify risks and implement sustainable solutions.
This position is located in Arlington, VA and is in office Monday through Thursday and work from home on Friday.
Responsibilities
Basic Qualifications
Preferred Qualifications and Skills
What's in it for You
When you join CoStar Group, you'll experience a collaborative and innovative culture working alongside the best and brightest to empower our people and customers to succeed.
We offer you generous compensation and performance-based incentives. CoStar Group also invests in your professional and academic growth with internal training, and tuition reimbursement.
Our benefits package includes (but is not limited to):
We welcome all qualified candidates who are currently eligible to work full-time in the United States to apply. However, please note that CoStar Group is not able to provide visa sponsorship for this position.
#LI-AR
CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing
Job Description
Overview
CoStar Group (NASDAQ: CSGP) is a leading global provider of commercial and residential real estate information, analytics, and online marketplaces. Included in the S&P 500 Index and the NASDAQ 100, CoStar Group is on a mission to digitize the world's real estate, empowering all people to discover properties, insights and connections that improve their businesses and lives.
We have been living and breathing the world of real estate information and online marketplaces for over 35 years, giving us the perspective to create truly unique and valuable offerings to our customers. We've continually refined, transformed and perfected our approach to our business, creating a language that has become standard in our industry, for our customers, and even our competitors. We continue that effort today and are always working to improve and drive innovation. This is how we deliver for our customers, our employees, and investors. By equipping the brightest minds with the best resources available, we provide an invaluable edge in real estate.
Our Product Security team is seeking a CI/CD Security Engineer to take ownership of critical systems that underpin our software development lifecycle. This role is ideal for someone with a DevOps mindset and a passion for secure engineering practices. You'll be responsible for managing and securing platforms such as Azure DevOps, GitHub Enterprise, and HashiCorp Vault, ensuring they are resilient, compliant, and aligned with security best practices.
This position bridges the gap between cybersecurity and DevOps, offering a unique opportunity to lead systemic improvements in how code repositories, build pipelines, and secrets vaults are governed. You'll collaborate closely with development and operations teams to identify risks and implement sustainable solutions.
This position is located in Arlington, VA and is in office Monday through Thursday and work from home on Friday.
Responsibilities
- Own and secure CI/CD platforms including Azure DevOps, GitHub Enterprise, and HashiCorp Vault including RBAC, branch policies, mandatory security checks, and secrets management.
- Identify and remediate systemic risks in build pipelines, code repositories, and secrets management.
- Roll out and tune GHAS/CodeQL/Dependabot or equivalents; drive org-wide adoption with minimal developer friction.
- Partner with DevOps contributors to improve tooling and workflows without disrupting release velocity.
- Develop and maintain security controls, automation scripts, and monitoring systems for CI/CD environments.
- Advocate for secure-by-design principles across the software delivery lifecycle.
- Document processes and provide guidance to cross-functional teams on secure CI/CD practices.
- Build monitoring and detections for CI/CD abuse; create incident playbooks and break-glass procedures.
- Govern secrets for human and non-human identities with HashiCorp Vault (namespaces, policies, auth backends, dynamic secrets, rotation, audit).
- Deliver guardrails as code (Terraform, policy-as-code) and document secure paved-road patterns in reusable modules.
Basic Qualifications
- Bachelor's Degree required from an accredited, not for profit university or college.
- 5+ years in Security or DevOps roles with 2+ years administering CI/CD at a large enterprise scale.
- A track record of delivering long-term impact to prior employers.
- Proven experience with CI/CD platforms and DevOps tools (e.g., Azure DevOps, GitLab, GitHub Enterprise, Jenkins, Vault).
- Experience at a large enterprise scale implementing security controls for CI/CD workloads including:
- CODEOWNERS
- Cleartext secret detection and prevention.
- Artifact integrity and supply chain security.
- Short-lived credentials to enforce least privilege.
- Security relevant audit logging to support incident response.
- Strong understanding of software development workflows and release engineering.
- Familiarity with infrastructure-as-code, containerization, and cloud-native security.
- Ability to communicate effectively with both cybersecurity and engineering teams.
- A collaborative spirit and respect for shared ownership models in DevOps environments.
Preferred Qualifications and Skills
- Organization-wide rollout of GitHub Advanced Security (secret scanning, CodeQL, Dependabot) or equivalent in Azure DevOps, GitLab or similar.
- Hands-on with OIDC/JWT workload identity from CI to cloud (AWS/Azure/Google Cloud Platform) and least-privilege IAM design.
- Familiarity with NIST SSDF, SLSA, and CNCF supply-chain projects; policy-as-code (OPA/Conftest) for SDLC gates.
- Experience building detections for CI/CD abuse and integrating provider audit logs into SIEM.
- Container supply-chain security (base image curation, registry controls, image scanning, admission policies).
What's in it for You
When you join CoStar Group, you'll experience a collaborative and innovative culture working alongside the best and brightest to empower our people and customers to succeed.
We offer you generous compensation and performance-based incentives. CoStar Group also invests in your professional and academic growth with internal training, and tuition reimbursement.
Our benefits package includes (but is not limited to):
- Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug
- Life, legal, and supplementary insurance
- Virtual and in person mental health counseling services for individuals and family
- Commuter and parking benefits
- 401(K) retirement plan with matching contributions
- Employee stock purchase plan
- Paid time off
- Tuition reimbursement
- On-site fitness center and/or reimbursed fitness center membership costs (location dependent), with yoga studio, Pelotons, personal training, group exercise classes
- Access to CoStar Group's Diversity, Equity, & Inclusion Employee Resource Groups
- Complimentary gourmet coffee, tea, hot chocolate, fresh fruit, and other healthy snacks
We welcome all qualified candidates who are currently eligible to work full-time in the United States to apply. However, please note that CoStar Group is not able to provide visa sponsorship for this position.
#LI-AR
CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.