DevSecOps Engineer

Company Description Silpa Companies, LLC is a national IT consulting and staffing firm empowering organizations across multiple industries through a blend of AI adoption, Master Data Management, Data and Analytics, Cybersecurity, Cloud Engineering, DevSecOps/GitOps, Fractional C-Suite leadership, Digital Transformation, and M&A advisory for private equity and software ventures. Role Description Silpa Companies is seeking a hands-on DevSecOps Engineer for contract, project-based engagements across our cloud engineering, application security, and platform delivery portfolio. You will embed with client engineering teams to build, secure, and automate the pipelines, infrastructure, and delivery workflows that power modern software organizations. This role sits at the intersection of development, operations, and security. You are not a policy writer or an auditor. You are an engineer who builds secure systems, automates security controls into pipelines, and hardens cloud infrastructure across Azure, AWS, and GCP. You are comfortable writing Terraform, tuning a SIEM alert, reviewing a Dockerfile for security misconfigurations, and advising a development team on secrets management in the same week. Versatility and technical depth are what make this role work. Key Responsibilities CI/CD Pipeline Security and Automation • Design, build, and maintain secure CI/CD pipelines using GitHub Actions, Azure DevOps, Jenkins, GitLab CI, or equivalent tooling. • Integrate SAST, DAST, SCA, container scanning, and secrets detection tools directly into pipeline workflows. • Enforce security gates, policy-as-code checks, and compliance controls as automated pipeline steps. • Manage pipeline secrets, service credentials, and environment configurations using vault solutions (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault). • Continuously improve pipeline performance, reliability, and security posture across client delivery environments. Cloud Infrastructure and Security • Design and implement secure cloud infrastructure across Azure, AWS, and GCP using infrastructure-as-code (Terraform, Bicep, CloudFormation, Pulumi). • Harden cloud environments against misconfigurations using tools such as Prisma Cloud, Wiz, Defender for Cloud, or AWS Security Hub. • Implement and manage identity and access controls including IAM policies, service accounts, RBAC, and least-privilege enforcement. • Configure and maintain network security controls including VPCs, security groups, private endpoints, and zero-trust network access patterns. • Monitor cloud environments for security events, anomalies, and compliance drift using SIEM and cloud-native observability platforms. Container and Platform Security • Secure containerized workloads and Kubernetes clusters including pod security policies, network policies, image scanning, and runtime protection. • Manage and harden Kubernetes environments across AKS, EKS, and GKE. • Enforce image provenance, vulnerability scanning, and supply chain security practices across container registries. • Contribute to service mesh configuration and workload identity management in containerized environments. Collaboration and Engineering • Partner with development teams to shift security left and build a culture of secure-by-default engineering. • Conduct architecture reviews and threat modeling sessions to identify security risks early in the development lifecycle. • Produce clear documentation for pipelines, runbooks, security controls, and infrastructure configurations. • Support incident response activities including forensic data collection, environment containment, and post-incident hardening. AI and LLM Security • Assess and harden AI-powered applications and LLM integrations against threats defined in the OWASP LLM Top 10 including prompt injection, insecure output handling, and model denial of service. • Integrate AI-specific security scanning and validation controls into CI/CD pipelines for applications that consume LLM APIs or deploy ML models. • Evaluate and enforce data privacy and access controls for AI workloads including RAG pipelines, vector databases, fine-tuning datasets, and model endpoints. • Advise engineering teams on secure prompt design, input sanitization, and output filtering for LLM-integrated applications. • Monitor AI and ML infrastructure for anomalous usage patterns, model misuse, and data exfiltration risks. • Support secure deployment of AI services across Azure OpenAI, AWS Bedrock, and Google Vertex AI including network isolation, identity controls, and logging. What We Are Looking For • 3 or more years of hands-on DevSecOps, platform engineering, or cloud security engineering experience. • Proficiency with CI/CD tooling and the ability to build and modify pipelines, not just run them. • Hands-on experience securing infrastructure and workloads across Azure, AWS, and GCP. • Strong IaC skills with Terraform and at least one cloud-native IaC tool (Bicep, CloudFormation, or Pulumi). • Experience with container security across Docker and Kubernetes, including cluster hardening and image scanning. • Working knowledge of application security tooling including SAST, DAST, SCA, and secrets scanning solutions. • Familiarity with AI and LLM security risks including OWASP LLM Top 10, prompt injection, data leakage through model outputs, and supply chain risks in ML pipelines. • Familiarity with compliance frameworks (SOC 2, NIST, CIS Benchmarks) as they apply to cloud and pipeline environments. • Strong scripting skills in Python, Bash, or PowerShell to automate security and operations workflows. Preferred Certifications • AWS Certified Security Specialty • Microsoft Certified: Azure Security Engineer Associate • Google Cloud Professional Cloud Security Engineer • Certified Kubernetes Administrator (CKA) or Certified Kubernetes Security Specialist (CKS) • HashiCorp Certified: Terraform Associate • Certified DevSecOps Professional (CDP) or equivalent • CompTIA Security+ or equivalent foundational security certification Eligibility Requirements • Authorized to work in the U.S. • Candidates located in the Houston, Texas area will be given preference; however, remote practitioners will also be considered. • Reliable, secure internet connection and ability to travel to client sites as required by engagement scope. • Available to mobilize within a standard engagement window and maintain consistent availability throughout project duration. Why Work With Us? Silpa Companies places DevSecOps Engineers on engagements where the work is real, the environments are complex, and your contributions directly improve how clients build and ship software. You will work across cloud platforms, pipeline toolchains, and security stacks that span multiple industries and technology maturity levels. No two engagements are the same. Engineers who bring technical depth and a security-first mindset build strong reputations within the Silpa network and are consistently prioritized for follow-on and expanded scope engagements.