Job Description
Accumulus is seeking a DevSecOps Engineer. This will be a key role within the Security Solutions Architecture team, reporting directly to the Lead DevSecOps Engineer.
As a DevSecOps Engineer, you will play a crucial role in integrating security into every phase of our software development and operational processes. Your work will directly contribute to the secure delivery of our product offerings, ensuring that security best practices are embedded from code to cloud. This position is perfect for a proactive and skilled engineer passionate about automating security and operational excellence.
Responsibilities
- Embed security controls and best practices into the CI/CD pipeline, ensuring the secure development and deployment of software.
- Develop and maintain automation scripts and tools to automate security testing (SAST, DAST, SCA) and compliance scanning. Utilize infrastructure as code (IaC) to manage and provision resources securely.
- Complete security risk assessments on development features and working with development teams to incorporate security requirements.
- Complete security reviews of development features to ensure that security requirements have been satisfied.
- Identify, analyze, and remediate vulnerabilities in software and infrastructure. Work closely with development teams to address security issues in early development stages.
- Participate in the incident response process, including analysis, and remediation of security incidents.
- Collaborate with cross-functional teams to enhance security posture.
- Participate as security subject matter expert (SME) for multiple project teams.
- Proficient in at least one coding language (Python, Ruby, Java or similar).
- Experience working in Agile development with experience in technologies such as Containers (Docker, Kubernetes, or similar).
- Ensure compliance with security policies, standards, and regulations.
- Contribute to the development and enforcement of security hardening guidelines.
- Work closely with development, operations, and security teams to foster a culture of security awareness. Advocate for security best practices and educate team members on security-centric methodologies.
Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience
- Relevant industry recognized information security certifications
- Demonstrable experience in a DevSecOps role, with a strong background in security as it relates to cloud computing, SaaS environments, and CI/CD pipelines
- Proficiency in scripting and automation tools (e.g., Python, Bash, Terraform, Ansible)
- At least 3 years of experience working with Microsoft Azure cloud.
- Experience with containerization technologies (e.g., Docker, Kubernetes)
- Knowledge of security standards and compliance frameworks relevant to the SaaS industry
- Experience implementing and operating security scanning and vulnerability management tools