Company Overview
We deliver scalable technical staffing solutions tailored to meet the needs of Fortune 2000 companies. Our offerings include Statement of Work (SOW) engagements, field services, managed services, depot management, staff augmentation, and direct hire placements. Our teams consist of specialized and certified professionals who have completed intensive technical boot camps and continuously participate in ongoing training and industry meetups to stay ahead of the curve.
Position Overview:
We are seeking a Senior DevSecOps Engineer to lead the integration of security throughout our entire software development lifecycle. As a senior team member, you will shape strategy, establish standards, and implement scalable, robust security practices that safeguard our development processes, infrastructure, and operations while ensuring compliance. You will collaborate closely with engineering, architecture, cloud, and security teams to deliver secure-by-default solutions, build developer guardrails, and conduct architecture security assessments (ASA) for critical systems. This role requires deep technical expertise, strategic vision, excellent communication skills, and the ability to drive secure design and delivery at scale.
Key Responsibilities:
Strategic Leadership
- Define and advocate for a comprehensive DevSecOps strategy and roadmap that aligns security objectives with development velocity.
- Mentor and support engineers across development, security, and operations on secure design principles, automation, and risk-based decision making.
- Lead threat modeling and architectural risk assessments for new products and major system changes.
- Establish metrics and KPIs to measure DevSecOps effectiveness and drive continuous improvement.
Core Technical Responsibilities
- Shift-Left Security: Integrate security controls and tooling early in development workflows (IDEs, code reviews, pre-commit hooks).
- CI/CD Security Automation: Embed security scanning tools (SAST, DAST, SCA) into CI/CD pipelines using platforms such as GitHub Actions, GitLab CI, or Jenkins.
- Infrastructure as Code (IaC): Secure cloud infrastructure through IaC tools (Terraform, CloudFormation) with automated policy enforcement.
- Security Testing: Deploy and manage static and dynamic analysis tools to ensure code security across repositories.
- Policy as Code: Define and enforce security policies using frameworks like Open Policy Agent (OPA), Sentinel, or custom rules.
- Automated Security: Build automated pipelines for vulnerability scans, compliance verification, and secret detection.
- Continuous Monitoring & Logging: Implement monitoring for real-time threat detection using tools such as GuardDuty, CloudTrail, and SIEM solutions.
- Architecture Documentation: Develop and maintain detailed architecture and security diagrams for all key systems.
- Developer Guardrails: Create security guardrails including approved patterns and automated feedback to guide secure coding practices.
- Architecture Security Assessments (ASA): Lead ASA reviews for significant changes, ensuring secure-by-design principles are followed.
- Threat Modeling: Drive ongoing threat modeling exercises across products and platforms.
Operational Security Focus
- Design and maintain Web Application Firewall (WAF) rules and architectures (e.g., AWS WAF, Cloudflare).
- Secure APIs at the gateway level with authentication, rate limiting, and input validation (AWS API Gateway, Kong, Apigee).
- Integrate inline source code scanning in IDEs or via Git hooks to provide immediate feedback during development.
Required Qualifications:
- 6+ years of hands-on experience in DevSecOps, Application Security, or Cloud Security roles.
- Strong knowledge of secure software development practices, DevOps principles, and cloud-native architectures.
- Proven expertise with CI/CD tooling and security automation.
- Proficiency in scripting and programming languages such as Python, Go, or Bash.
- Experience designing and operating secure environments on AWS, Azure, or GCP.
- Skilled with Infrastructure as Code and configuration management tools (Terraform, Ansible, CloudFormation).
- Deep understanding of container security and of container runtime, orchestration, and packaging tooling (Docker, Kubernetes, Helm).
- Familiarity with enterprise security tools for scanning, monitoring, and policy enforcement.
- Ability to create comprehensive technical diagrams, security documentation, and artifacts.
- Excellent verbal and written communication skills to influence technical teams and leadership.
Preferred Qualifications:
- Industry certifications such as CISSP, CSSLP, OSCP, or cloud security certifications (AWS, GCP, Azure).
- Experience with policy-as-code frameworks like OPA/Rego or HashiCorp Sentinel.
- Hands-on knowledge of secrets management solutions (Vault, AWS Secrets Manager).
- Familiarity with compliance standards including SOC 2, ISO 27001, HIPAA, PCI DSS.
- Prior involvement in red team, blue team, or purple team security exercises.