Description: Onsite in Fenton Cary, NCWe are seeking a Senior DevSecOps / Application Security Engineer to join a modern Information Security organization supporting rapidly evolving development environments. This role sits at the intersection of application security, developer enablement, and automation, with a strong mandate to embed security directly into how software and AI-driven solutions are built, tested, and deployed.
As a senior technical contributor, you will focus on securing code, development pipelines, and AI-enabled applications while helping establish governance and standardized security controls across teams that are increasingly writing and deploying their own code. This is a hands-on role for someone who can both build and advise-balancing strong security controls with developer efficiency and delivery velocity.
This is a full-time, permanent opportunity, offering a competitive salary and comprehensive benefits package. Qualified applicants must be willing and able to work on a w2 basis.
Salary: $122,000 - $145,000/ yr. w2 + benefits
Responsibilities: - Embed security controls into application development workflows, CI/CD pipelines, and code repositories
- Support and guide developers on secure coding practices and secure build processes
- Drive automation and policy-as-code to enforce security requirements consistently
- Secure modern, AI-enabled applications and assess risks introduced by AI in development workflows
- Improve security prioritization and efficiency through automation and intelligent tooling
- Design and implement secure CI/CD pipelines with automated controls such as:
- Static and Dynamic Application Security Testing (SAST/DAST)
- Software Composition Analysis (SCA)
- Secrets scanning and code integrity checks
- Infrastructure-as-Code (IaC) and container image scanning
- Secure code repositories by enforcing:
- Branch protections and access controls
- Commit signing, code integrity, and version control governance
- Prevent insecure code usage or data exposure (e.g., sensitive data pushed to public repositories)
- Implement and maintain policy-as-code frameworks to enforce security standards automatically
- Secure the software supply chain, including:
- Dependency validation
- SBOM generation
- Validation of third-party and purchased software
- Establish standardized security guardrails as more teams begin building and deploying code
- Ensure data is encrypted at rest and handled securely across development environments
- Partner with identity and data protection teams to strengthen:
- Identity and access controls (IAM)
- Data Loss Prevention (DLP) practices within development workflows
- Evaluate risks introduced by AI in software development and application design
- Help define and implement controls for secure AI-driven applications
- Leverage AI to enhance security monitoring, prioritization, or automation
- Interest in candidates who can write code and potentially build secure prompting or automation solutions
Experience Requirements: - 7+ years of experience in DevSecOps, application security, security engineering, or platform engineering
- Experience with cloud-native and modern development environments, including containers and infrastructure-as-code
- Strong scripting or automation experience (e.g., Python, PowerShell, Bash)
- Proven ability to translate security requirements into scalable, automated technical controls
- Practical experience with repository platforms such as GitHub, GitLab, Azure DevOps, or Bitbucket and related security governance.
- Deep experience with containers (Docker), Kubernetes, and IaC tools including Terraform, ARM, and AWS CloudFormation.
- Strong understanding of software supply chain security, dependency management, and SBOM practices.
- Experience implementing policy-as-code using Azure Policy, AWS Config, OPA, or similar tools.
- Proficiency with scripting and automation such as Python, PowerShell, and Bash and DevOps tooling like Jenkins, GitHub Actions, and Azure Pipelines.
- Strong understanding of SDLC and operationalizing controls in engineering environments.
Requires: Strong hands-on experience securing:
- Code repositories (e.g., GitHub, GitLab, Azure DevOps)
- CI/CD pipelines and developer platforms
- Approximately 5% travel.
Education Requirements: Bachelor's degree in Computer Science, Engineering, Information Security, or a related field (or equivalent practical experience)
Recruitment Transparency NoticeEliassen Group values transparency in our recruitment practices. Please be advised that Eliassen Group utilizes artificial intelligence (AI) tools as part of its initial application screening and hiring process. You may receive email and SMS notifications from the Eliassen Virtual Recruiting Team (, ) inviting you to complete a brief voice screening as part of your application process. These tools assist our hiring teams in different ways, including but not limited to, assistance in reviewing application materials to help identify candidates whose qualifications most closely match the requirements of the position. All AI-assisted evaluations and responses are reviewed by human recruiters before any hiring decisions are made. The use of AI in our process is intended to support fairness, efficiency, and consistency, and Eliassen Group takes measures to prevent bias or discrimination in connection with its hiring practices. By proceeding, you acknowledge, agree, and consent to Eliassen Group's use of these tools, including AI tools, as part of the application and hiring process.Skills, experience, and other compensable factors will be considered when determining pay rate. The pay range provided in this posting reflects a W2 hourly rate; other employment options may be available that may result in pay outside of the provided range.
W2 employees of Eliassen Group who are regularly scheduled to work 30 or more hours per week are eligible for the following benefits: medical (choice of 3 plans), dental, vision, pre-tax accounts, other voluntary benefits including life and disability insurance, 401(k) with match, and sick time if required by law in the worked-in state/locality.
If anyone reaches out to you about an open position connected with Eliassen Group, please ensure that you are working directly with us by confirming the following: When you work with Eliassen Group, all email communication will come from an Eliassen.com address, never Gmail, Yahoo, etc. Eliassen Group will never ask you for personal information (home address, bank account, or check routing number) until you have worked with someone clearly associated with Eliassen Group.If you have any indication of fraudulent activity, please contact .About Eliassen Group:Eliassen Group is a strategic consulting firm that helps organizations reach further and achieve more through our technology, business advisory, and life sciences solutions. For nearly 40 years, we have combined exceptional people, deep domain expertise, and intelligent capabilities to expand our clients' capacity and accelerate meaningful outcomes. We are driven by a purpose to positively impact the lives of our employees, clients, consultants, and the communities we serve.Eliassen is committed to building a diverse and inclusive team from a variety of backgrounds, perspectives, and skills. We are an Equal Opportunity and Affirmative Action Employer and all employment decisions are based on merit, performance, and business needs. Eliassen does not discriminate on the basis of race, color, gender identity or expression, sexual preference or orientation, sex (including pregnancy, childbirth, and related medical conditions), marital status, creed, religion, physical or mental disability, genetic information, military or veteran status, age, ancestry, national origin, citizenship status, prohibited criminal record inquiries of applicants and employees, or any other category protected by federal, state, or local laws.Don't miss out on our referral program! If we hire a candidate that you refer us to then you can be eligible for a $1,000 referral check! 
Never miss an opportunity! Create an alert based on the job you applied for.