DevOps Engineer

DevSecOps Engineer Job Title: DevSecOps Engineer Location: Remote (EST Time Zone) Contract Duration: 12 months (with possibility to extend), no C2C Seniority: Mid to Senior Pay: 65-75p/hr Responsibilities: • Assess the current CI/CD pipelines and propose/implement improvements to integrate security checks early (SAST, DAST, SCA, etc.). • Develop, configure, and maintain infrastructure as code (IaC) with embedded security best practices (least privilege, secure network rules, encryption). • Harden containerization and orchestrated environments (Docker, Kubernetes) in terms of image security, secrets, access controls. • Implement or improve secrets management (e.g. HashiCorp Vault, cloud provider secrets stores). • Set up monitoring/logging/alerting for security events, assist with incident response and remediation. • Collaborate with dev, QA, and operations teams to ensure security is shared responsibility; provide guidance and review pull requests, infrastructure changes, etc. • Draft or refine security policies/documentation (coding standards, architecture guidelines, threat models). • Provide regular status reporting on vulnerabilities, remediation progress, and security posture. Required Qualifications: • 4‑7 years of experience in DevSecOps, Security Engineering, or related role. • Strong experience with CI/CD tools (Jenkins, GitLab CI, GitHub Actions, etc.), and building pipelines with security gates. • Experience with static code analysis, dynamic security testing, and dependency scanning. • Hands‑on with Infrastructure as Code tools (Terraform, CloudFormation, etc.). • Container / Kubernetes experience: securing images, runtime, RBAC, secrets. • Experience with secrets management tools (Vault, AWS Secrets Manager, Azure Key Vault, etc.). • Proficiency in scripting languages (Python, Bash, etc.) for automation. • Familiarity with cloud environments (AWS, Azure, or GCP) and cloud security best practices. • Good communication skills; able to work remotely and collaborate across multiple teams. Preferred Qualifications: • Experience with compliance frameworks (SOC2, ISO 27001, GDPR, etc.). • Prior experience doing threat modeling and secure architecture reviews. • Experience with container scanning tools (e.g. Clair, Trivy) or Kubernetes security tools. • Exposure to policy as code tools (OPA, etc.). • Certifications like CISSP, CISM, CKAD/CKS, etc. Project Overview: A mid‑sized SaaS company is looking to enhance its security posture by embedding security throughout the software development lifecycle. The goal is to redesign the CI/CD pipelines, improve vulnerability detection, automate infrastructure security, and ensure compliance with relevant industry standards (e.g. ISO 27001, SOC2).