Staff DevSecOps Engineer

Job Overview:

We are looking for staff-level cybersecurity professionals with a strong background in one or more of DevSecOps, network security, and security architecture. The DevSecOps Engineer will play a critical role in embedding security into every stage of the software development lifecycle. The ideal candidate will have a minimum of 8+ years of experience in DevSecOps or related fields and a strong understanding of cloud platforms, security automation, and secure coding practices.

Key Responsibilities:

• Collaborate with development, operations, and security teams to integrate security into the CI/CD pipeline, ensuring that security is embedded at every stage of the software development lifecycle.
• Design, implement, and maintain security automation tools and processes to identify, manage, and remediate vulnerabilities in the development and production environments.
• Develop and enforce security policies, standards, and best practices for cloud-based and on-premises infrastructure.
• Monitor and analyze security vulnerabilities and incidents, providing timely and effective remediation.
• Perform regular security assessments, including code reviews, vulnerability scans, and penetration tests, to ensure the security of applications and infrastructure.
• Implement and manage security tools such as firewalls, intrusion detection/prevention systems, and endpoint protection.
• Work with development teams to ensure secure coding practices and compliance with security standards.
• Lead efforts to secure Kubernetes clusters and containerized environments.
• Manage infrastructure as code (IaC) using tools like Terraform, OpenTofu, or CloudFormation to ensure secure and scalable deployments.
• Automate security tasks and processes using Python and shell scripting.
• Stay up-to-date with the latest security threats, technologies, and industry trends, and apply this knowledge to enhance the security posture of the organization.
• Participate in incident response and disaster recovery planning and execution.

Qualifications:

• Minimum of 8+ years of experience in DevSecOps, DevOps, or a related field, with a strong focus on security.
• Experience with AWS or deep fluency in one of GCP or Azure, with a strong desire to expand knowledge into AWS.
• Proficiency with CI/CD tools such as Github Actions, Jenkins, GitLab CI, or CircleCI, and experience in integrating security tools into these pipelines.
• Hands-on experience with Kubernetes, including securing and managing clusters in production environments.
• Proficiency with infrastructure as code (IaC) tools such as Terraform, OpenTofu, or CloudFormation.
• Strong programming skills in Python and shell scripting for automation and security tasks.
• Knowledge of security best practices, including secure coding, encryption, authentication, and access control.
• Excellent problem-solving skills, with the ability to troubleshoot complex security issues.
• Strong communication skills, with the ability to convey technical security information to non-technical stakeholders.
• Must be a US Citizen or legal permanent resident (Xometry handles ITAR data)

Preferred Qualifications:

• Experience in security architecture and designing secure systems.
• Knowledge of JavaScript and securing JavaScript-based applications.
• Relevant certifications such as CISSP, Security+, or AWS Certified Security – Specialty.
• Experience with automating security in a microservices architecture.
• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field (or equivalent work experience).

#LI-Hybrid