September 2, 2025
Dev Security Operations Engineer
Reports to: Sr. Director of IT
Position Description
The Dev Security Operation Engineer is responsible for integrating security practices into the DevOps pipeline and ensuring that security is embedded across the entire software development lifecycle. This role bridges the gap between development, operations, and security teams to deliver secure, scalable, and reliable systems.
Major Responsibilities:
- Collaboration & Training
- Act as a security advisor to developers and engineers during design and code reviews.
- Lead internal security awareness training and workshops for development teams.
- Ability to present ideas in a business-friendly language
- Bridges Gaps Between Teams – Works well with customer and internal business units
- Client-facing & stakeholder-facing skillset
- Infrastructure & Cloud Security
- Deploy and manage infrastructure as code (IaC) securely using Terraform, Team City, or similar.
- Monitor and secure cloud platforms (Azure) using best practices and tools
- Monitoring cloud cost and optimizing cloud service to maintain performance while downsizing or decommissioning under-utilized services
- Create diagrams of cloud architecture that can be used both internally and for customer facing discussions.
- Manage File Transfer servers used for customer feeds to ensure accounts are provisioned securely and monitored for any suspicious behavior
- Experienced with network infrastructure, database, cloud and data center operations, and security protocols.
- Secure CI/CD Pipelines
- Design and implement secure CI/CD pipelines using tools like Jenkins, GitHub Actions, GitLab CI/CD, etc.
- Automate security testing (SAST, DAST, SCA) within the development pipeline.
- Vulnerability & Threat Management
- Perform automated pen test scanning of platforms using tools (Probely, Invicti, etc.) to identify software vulnerabilities and work with the dev team to resolve these.
- Work towards understanding our customer traffic patterns in order to design and configure WAF rules on Cloudflare that can mitigate threats against bot attacks and bad actors.
- Monitor logs, SIEM tools, and alerts for signs of breach or misconfiguration.
- Security Governance & Compliance
- Support audits and ensure compliance with standards like SOC 2, ISO 27001, or NIST.
- Maintain security documentation and contribute to internal security policies and playbooks.
Critical Success Factors:
- Maintains professional demeanor and positive approach always with internal and external clients
- Has the ability to influence others through the socialization of ideas with the goal of moving forward the company objectives and interests
- Listens intently to quickly grasp the issues, concerns, etc. and work interdependently to find an agreed upon resolution.
- Ensures cybersecurity is a top priority with the compliance/successful audits for all applications
- Is transparent! On all projects, programs, and initiatives – keeps all stakeholders updated in a timely manner.
Required Skills, Knowledge, and Intangibles
- 5+ years of experience in DevOps, DevSecOps, or Cloud Security roles.
- Proficiency with CI/CD pipelines, IaC, and scripting (Python, Bash, etc.).
- Deep understanding of containers and orchestration (Docker, Kubernetes).
- Experience with cloud platforms (AWS/GCP/Azure) and securing them.
- Hands-on with security tools: Snyk, Aqua, Checkmarx, Burp Suite, etc.
- Familiarity with zero-trust principles, secrets management (Vault, AWS KMS), and endpoint hardening.
Key Performance Measurements
- % of CI/CD pipelines with automated security checks.
- Mean Time to Detect (MTTD) and Mean Time to Remediate (MTTR) for vulnerabilities.
- Compliance audit readiness and pass rate.
- Number of critical incidents proactively prevented.
Work Environment
- Hybrid or Remote depending on team structure.
- Agile development cycles with a strong security-first culture.
- Frequent collaboration with cross-functional teams (Dev, QA, Security, Ops)
Direct Report(s)
- n/a
Salary Range
- $80K – $100K