DevSecOps Engineer

About the Role

The DevSecOps Engineer will be part of a team that includes inspired data scientists, financial services industry experts, and customer experience fanatics. The company's approach uses machine learning to engage each customer digitally and adjust strategies in real-time in response to their interactions. The ideal candidate will be passionate about security, cloud infrastructure, and collaborative development.

What You Will Do

• Design and implement security-first CI/CD pipelines, embedding automated security testing and partnering with engineering teams to ensure applications are built, deployed, and operated securely at scale
• Embed security controls and scanners into CI/CD pipelines, including SAST, SCA, DAST, IaC, and Container Security
• Implement security gates, policy enforcement, and compliance checks within pipelines
• Secure cloud-native architectures across AWS, including IAM, VPC, ECS/EKS, Lambda, S3, and API Gateway
• Integrate and operationalize CNAPP/CSPM tools, such as Wiz or Prisma Cloud
• Enforce least privilege access, secrets management, and runtime protections
• Define and maintain security policies for the AWS environment, focusing on containerized workloads and serverless architectures
• Automate compliance by building real-time monitoring and automated remediation for AWS resources
• Perform deep-dive threat modeling exercises on applications and designs, turning theoretical risks into actionable engineering plans
• Develop security standards for Generative AI and leverage AI-powered tools to explore the attack surface
• Secure Infrastructure as Code templates and manage cloud primitives like IAM, KMS, and WAF

What We Are Looking For

• 7-10 years of experience in software engineering, DevOps, or cloud engineering
• 3+ years of experience in a DevSecOps focused role
• Deep mastery of cloud security, vulnerability analysis, and incident response
• Demonstrable expertise in the AWS ecosystem and proficiency in securing Infrastructure as Code
• Top-tier industry certifications, such as CISSP, SANS GIAC, or CASP
• Firm grasp of compliance frameworks like PCI and ISO 27001
• Technical versatility, including familiarity with OWASP and proficiency with modern security tooling
• Ability to secure complex API integrations and data protection layers
• Understanding of the evolving landscape of AI regulations

Nice to Have

• Experience with containers and container orchestration
• Knowledge of Terraform and CloudFormation
• Familiarity with AI-powered security tools
• Certification in cloud security or a related field

Benefits and Perks

• Competitive salary and benefits package
• Opportunity to work with a mission-driven company
• Collaborative and dynamic work environment
• Professional development and growth opportunities
• Flexible remote work arrangements
• Access to cutting-edge technology and tools
• Recognition and reward for outstanding performance

• Familiarize yourself with TrueML's unique approach to machine learning and customer experience before applying
• Showcase your technical skills in CI/CD pipelines, cloud security, and compliance
• Highlight your ability to collaborate with cross-functional teams and communicate complex security concepts
• Prepare to discuss your experience with industry certifications, such as CISSP or CASP
• Research the company's technology stack and be prepared to ask informed questions during the interview process
• Demonstrate your understanding of the evolving landscape of AI regulations and security threats