DevSecOps / Cloud Security Engineer

Job Title: DevSecOps / Cloud Security Engineer

Location: North Quincy, Massachusetts

Experience Required: 3-7+ Years

Position Overview

We are seeking a hands-on DevSecOps / Cloud Security Engineer to embed security across the Software Development Lifecycle (SDLC), CI/CD pipelines, and cloud-native environments.

This role will focus on securing applications, automating security controls, hardening cloud infrastructure, and ensuring compliance with industry security frameworks. The ideal candidate combines strong scripting capabilities with deep expertise in container security, cloud security, and DevSecOps automation.

Key Responsibilities

1. Secure SDLC & Application Security

• Embed security controls across all SDLC phases.

• Conduct threat modeling, secure code reviews, and risk assessments.

• Implement and manage SAST, DAST, and SCA tools.

• Promote secure coding practices aligned with OWASP standards.

2. CI/CD Pipeline Security

• Build and maintain secure CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, Azure DevOps).

• Automate security scans and policy enforcement within pipelines.

• Integrate secrets management and environment hardening practices.

3. Cloud & Infrastructure Security

• Conduct Infrastructure as Code (IaC) security reviews using Terraform, CloudFormation, ARM, or Pulumi.

• Enforce security best practices across AWS, Azure, or Google Cloud Platform.

• Deploy and manage cloud-native security tools such as AWS GuardDuty, Azure Defender, or Google Cloud Platform Security Command Center.

4. Container & Kubernetes Security

• Build and scan secure container images using tools like Trivy, Aqua, Clair, or Prisma Cloud.

• Implement Kubernetes hardening controls (RBAC, network policies, pod security standards).

• Monitor and remediate cluster security posture and vulnerabilities.

5. Security Automation & Tooling

• Develop automation scripts and playbooks using Python, Go, Bash, or PowerShell.

• Integrate SIEM/SOAR platforms into CI/CD workflows.

• Automate vulnerability management and remediation processes.

6. Compliance & Governance

• Support compliance with frameworks including:

  • NIST

  • ISO 27001

  • SOC 2

  • PCI-DSS

• Implement policy-as-code using OPA, Conftest, or cloud-native policy engines.

• Produce audit-ready documentation and reporting artifacts.

7. Monitoring & Incident Response

• Integrate security telemetry into pipelines and cloud environments.

• Triage and respond to security incidents related to CI/CD and cloud workloads.

• Conduct root cause analysis and implement preventive controls.

Required Skills & Qualifications

• 3-7+ years of experience in Cybersecurity, DevSecOps, or Cloud Security.

• Strong scripting/programming skills (Python, Go, Bash, PowerShell).

• Hands-on experience with CI/CD automation and security tooling.

• Strong understanding of OWASP Top 10, CWE, and CVE vulnerabilities.

• Experience with containers and Kubernetes security.

• Knowledge of microservices architectures and distributed systems.

• Understanding of cloud networking, IAM, secrets management, and encryption.

Preferred Qualifications

Certifications:

CISSP, CISM, CCSP, AWS/Azure Security Specialty, GIAC, or DevSecOps certifications.

Nice-to-Have Experience:

• Zero Trust architectures

• Supply chain security (SBOMs, Sigstore, Cosign)

• Observability and infrastructure monitoring

• Serverless security

• Automated compliance frameworks

Core Competencies

DevSecOps | CI/CD Security | Kubernetes Security | Cloud Security | Infrastructure as Code | SAST/DAST/SCA | Security Automation | Policy-as-Code | Compliance Frameworks