Senior DevSecOps Engineer

Role Overview

• Work with DevOps teams to design, implement, and maintain secure CI/CD pipelines integrating security testing at every stage of the software development lifecycle
• Implement automated security scanning including SAST, DAST, SCA, container scanning
• Deploy and support API Security tools
• Ensure tools consistently report to aggregator
• Collaborate with development teams to promote secure coding practices and provide security guidance throughout the development process
• Ensure compliance with industry standards relevant to the travel industry including PCI-DSS, GDPR, and SOC 2
• Mentor junior engineers and promote a security-first culture across engineering teams

Requirements

• 5+ years of professional software development experience with demonstrable expertise in at least one major programming language (Python, Go, Java, JavaScript/TypeScript, or similar)
• 3+ years of hands-on DevSecOps or Security Engineering experience
• Strong knowledge of OWASP
• Strong cloud security expertise with at least one major cloud service provider (AWS, Azure, or GCP)
• Strong knowledge of API Security and associated security tools (Salt, Akamai, Cloudflare, or similar)
• Deep understanding of cloud-native security including IAM, network security, encryption, secrets management, and compliance frameworks
• Proficiency with CI/CD tools (Jenkins, GitLab CI, GitHub Actions, CircleCI, or similar)
• Experience with Infrastructure as Code tools (Terraform, CloudFormation, Ansible, or similar)

Tech Stack

• Ansible
• AWS
• Azure
• Cloud
• Google Cloud Platform
• Java
• JavaScript
• Jenkins
• Python
• SaltStack
• Terraform
• TypeScript
• Go

Benefits

• health and welfare insurance plans
• retirement programs
• parental leave
• adoption assistance
• wellbeing resources