Principal DevSecOps Engineer (Remote)

Bachelor’s Degree and 8 years’ experience OR Master’s Degree and 7 years’ experience OR PhD and 3 years’ experience 5+ years of experience in application security and software development 3+ years of experience implementing, administering, and supporting application security tooling Extensive knowledge of secure coding practices across multiple programming languages (esp. Java, Node.js) Extensive experience integrating security testing into CICD pipelines Strong knowledge of application security principles and common vulnerabilities (e.g., OWASP Top 10, CWE) Experience implementing and scaling DevSecOps practices and tooling Experience implementing DevSecOps workflows in cloud environments (AWS, Azure) Experience developing Infrastructure As Code (IaC) via TerraForm and/or CloudFormation Experience supporting developers with assessing and mitigating application security test findings Ability to communicate technical findings effectively to technical and non-technical stakeholders Demonstrated ability to function as a principal engineer, generating original technical ideas and strategies Excellent written and oral English communication skills Experience coaching and supporting junior engineers

Implement and maintain Application Security Testing (AST) tools (SAST, DAST, IAST, SCA) Implement and maintain Application Security Posture Management (ASPM) tools Provide first-line support for users regarding false positives and remediation Integrate security tooling with CI/CD pipelines Develop reports on security findings and remediation efforts Demonstrate proficiency in application security, software design, containerization, and cloud environments Coach and support junior engineers