Overview
Remote
Depends on Experience
Contract - W2
Contract - Independent
Able to Provide Sponsorship
Skills
Vulnerability Management
Testing
Threat Modeling
Workflow
Risk Management
Access Control
Certified Ethical Hacker
Docker
Risk Assessment
Security+
Security Engineering
Job Details
Job Title: DevSecOps Security Automation Engineer
Location: Remote/Hybrid
Position Overview
We are seeking a highly skilled Security Automation Engineer to strengthen our security posture by automating access control, enhancing audit efficiency, and performing comprehensive security and vulnerability assessments. In this role, you will develop continuous testing processes for exposed interfaces and evaluate third-party dependencies across a wide range of applications, including web and embedded systems.
The ideal candidate will design and implement scalable security solutions, perform risk assessments, and collaborate with cross-functional teams to ensure robust, proactive security across the organization.
Key Responsibilities
Third-Party Dependency Evaluation
Investigate, monitor, and assess security risks associated with third-party dependencies, including base Docker images, libraries, and tools.
Security Risk Assessment
Conduct detailed assessments of security vulnerabilities related to third-party components and recommend effective mitigation strategies.
Vulnerability Testing & Triage
Develop and maintain a continuous testing process for exposed interfaces.
Identify vulnerabilities, prioritize remediation, and support development teams in fixing security issues.
Collaboration & Communication
Work closely with engineering, QA, and operations teams to integrate security best practices into the software development lifecycle (SDLC).
Provide technical guidance and security insights to cross-functional stakeholders.
Automate GitHub Access Control
Design and implement automated workflows for managing GitHub access, ensuring secure, efficient, and compliant user management.
Security Audit Efficiency
Automate routine audit checks and integrate advanced tools to streamline and enhance the overall security audit process.
Documentation & Reporting
Maintain comprehensive documentation of security procedures, test results, risk assessments, and process improvements.
Generate clear, actionable reports on security metrics, vulnerabilities, and remediation progress.
Required Qualifications
Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
3+ years of experience in security engineering, with emphasis on automation, DevSecOps, and vulnerability management.
Hands-on experience with security tools and platforms, including GitHub, GitHub Actions, Docker, and SonarCloud.
Strong understanding of security best practices, risk mitigation strategies, and threat modeling.
Excellent analytical, troubleshooting, and problem-solving skills.
Ability to communicate complex technical concepts clearly to technical and non-technical audiences.
Preferred Qualifications
Experience with package management tools (e.g., Debian/apt, Maven, Python/pip).
Familiarity with AWS Cloud security, CI/CD pipelines, and DevSecOps methodologies.
Experience working in Agile environments and cross-functional collaboration.
Proficiency in scripting and automation (e.g., Python, Bash) for security workflows.
Relevant security certifications (e.g., Security+, GSEC, CEH, GCIH, AWS Security Specialty).