DevSecOps Principal Engineer

DevSecOps Principal Engineer

• Implement and manage security tools such as SAST, DAST, SCA, and container security scanners.
• Integrate security best practices into CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI).
• Automate security testing and vulnerability management to ensure continuous compliance.
• Act as the executive point of contact for security in software development, liaising with CISO and product leaders.
• Drive a “security as code” and “shift-left security” culture through training, awareness, and best practices.
• Build and enforce security policies, standards, and governance frameworks (NIST, ISO 27001, PCI DSS, SOC2, HIPAA, GDPR).
• Review cloud deployment architectures and implement required security controls.
• Enforce standard methodologies, processes, and tools and ensure compliance with enterprise architecture, global information security policies, and engineering strategy.
• Work closely with Product Security, Engineering, Operations, and Corporate Security to define security strategy and execute it. Implementing automation to enable developers to easily consume security services.
• Collaborate with development, operations, and security teams to design and implement secure, reliable, and scalable systems.     
• Identify security vulnerabilities in the system and implement necessary solutions to remediate the vulnerabilities.
• Automate security and compliance checks into the software development and delivery process to ensure compliance with industry standards.
• Be involved in the design and subsequent implementation of software and service infrastructure
• Experience deploying and monitoring web applications in GCP, AZURE, and AWS.
• Perform Infrastructure as Code and infrastructure testing strategies.
• Work closely with the development team to ensure that all new code is developed with security in mind.
• Provide guidance and training to team members on secure coding practices and cybersecurity.
• Continuously improve the security posture of our systems by identifying and remediating vulnerabilities and weaknesses.

Establish and maintain security policies and procedures in alignment with industry best practices and compliance standards.

Experience Level

Senior Level