Application Security / DevSecOps Engineer

Role: Application Security / DevSecOps Engineer (Python, AWS)
Location: Remote

Key Skills:
AppSec | DevSecOps | Python | AWS | Security Scanning | Snyk | Wiz | SonarQube | Containers

Overview

We are seeking a highly technical Application Security / DevSecOps Engineer with deep experience securing modern cloud-native applications and containerized workloads. This role will focus on integrating security throughout the software development lifecycle (SDLC) while working closely with engineering and DevOps teams to identify, remediate, and prevent vulnerabilities across AWS environments.

The ideal consultant will be a strong Python developer with hands-on expertise in security scanning platforms such as Snyk, SonarQube, and Wiz, and will have experience securing containerized workloads running in cloud environments.

Responsibilities

Application Security & DevSecOps

• Embed security best practices into the CI/CD pipeline and software development lifecycle.

• Implement and manage application security scanning across code, dependencies, and containers.

• Perform SAST, SCA, and vulnerability analysis to identify and remediate security risks.

• Partner with engineering teams to prioritize and remediate vulnerabilities.

Security Scanning & Tooling

• Implement and manage security scanning tools including:

  • Snyk (SCA & SAST)

  • SonarQube

  • Wiz

• Automate scanning and policy enforcement within CI/CD pipelines.

• Develop reporting dashboards and remediation workflows.

Cloud & Container Security

• Secure containerized workloads running on AWS.

• Implement security best practices for Kubernetes, Docker, and serverless workloads.

• Monitor cloud security posture and address vulnerabilities across infrastructure and applications.

Development & Automation

• Build and maintain security automation using Python.

• Create scripts and tooling to automate vulnerability remediation, scanning, and reporting.

• Integrate security checks into build pipelines and deployment workflows.

Collaboration

• Work closely with DevOps, platform engineering, and application development teams.

• Provide guidance on secure coding practices and threat mitigation strategies.

• Assist in defining security architecture for new cloud-native applications.

Required Skills

Technical Skills

• Strong Python development experience.

• Application security experience in modern DevOps environments.

• Hands-on experience with Snyk (SCA & SAST).

• Experience with SonarQube and Wiz security platforms.

• AWS cloud security experience.

• Container security (Docker, Kubernetes).

• CI/CD security integration (GitHub Actions, Jenkins, GitLab, etc.).

Security Expertise

• SAST, SCA, and vulnerability management

• Secure Software Development Lifecycle (SSDLC)

• Dependency and open-source security scanning

• Cloud Security Posture Management

Nice to Have

• Experience with IaC security (Terraform, CloudFormation).

• Knowledge of threat modeling and penetration testing.

• Experience implementing DevSecOps programs.