DevSecOps Engineer - Product Security

About the Role:

• You will own, operate and optimize the Product Security tech stack, building and maintaining security controls that integrate seamlessly across CI/CD pipelines.
• You will champion shift-left security practices across engineering teams working on microservices, mobile and thick client applications, ensuring consistent scanning, policy enforcement, and artifact integrity.
• You will drive and build pipeline hardening, ensuring CI/CD environments are securely configured, protected from supply chain and pipeline risks.
• You will collaborate with Engineering , DevOps to embed security tooling and hardened build practices into CI/CD workflows, while running hygiene and improvement campaigns such as dependency cleanup and policy adoption.
• You will build automation for scan execution, triage, ticketing, and security metrics and reporting while supporting product security incidents by rapidly assessing exposure across repositories, pipelines, and published artifacts.

About You:

• 5 –7 years of hands-on experience integrating security testing tools such as SAST (e.g., CodeQL, Checkmarx), DAST (e.g., Burp Suite), and SCA (e.g., Snyk, Dependabot) into build pipelines.
• You should have strong experience in software engineering, build or DevOps environments, including Git/GitHub, CI/CD, and artifact repositories.
• You should have hands-on experience with CI/CD tools such as GitHub Actions, Jenkins, Harness or Terraform, along with familiarity with cloud platforms like AWS, Azure or GCP.
• You should have a solid understanding of software supply chain security, secure build risks and be comfortable working directly with developers and product security teams to drive adoption and risk reduction.
• You should be a practical, clear communicator with strong automation, continuously improving mindset and a passion for enabling secure-by-default development through better tooling and hardened builds.

#LI-Hybrid