Job Title: Senior DevSecOps Engineer

Company Name: Oliver James

Job Url: https://www.aplitrak.com/?adid=V2lsbGlhbS5CYXJsYXkuODk2NjIuMTU1MEBvbGl2ZXJqYW1lc2Fzc29jaWF0ZXMuYXBsaXRyYWsuY29t

Job Description: 
Title: Senior DevSecOps Engineer
Location: Remote, must be based in US
Type: FTE, Direct Hire
Base Salary Range: $170-200k
**No third parties, please note sponsorship is not provided for this position**

 

Our leading Insurance client is seeking a Senior DevSecOps Engineer where you will design automated, developer-friendly security controls across the SDLC



This is a hands-on role for someone who enjoys solving real engineering problems, writing code (Python), and embedding security directly into CI/CD pipelines and cloud-native architectures. This role is about building security into how software is delivered, not bolting it on afterward.



Key Responsibilities:

Design and implement automated security controls across CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, Azure DevOps).
Integrate SAST, SCA, DAST, IaC, and container security scanning into build and release workflows.
Write and maintain automation in Python, JavaScript, and supporting frameworks (Selenium, Cucumber).
Build custom integrations and APIs to connect security tooling into developer workflows.
Implement secrets management and secure configuration using modern vault and policy platforms.
Partner with cloud and platform teams to embed security controls into Kubernetes, APIs, and infrastructure-as-code.
Leverage cloud security platforms (e.g., Wiz, Prisma Cloud) to improve visibility and posture.
Act as a trusted advisor to engineering teams, helping them design secure solutions early.
Translate security requirements into practical, consumable engineering standards.
Advocate for “shift-left” security through tooling, automation, and education, not bureaucracy.
Participate in application penetration testing, vulnerability research, or bug bounty programs.
Help mature ASPM capabilities using platforms such as Legit, Cycode, Akido, or similar.


Skilled Needed:

7-10 year's demonstrated experience in the AppSec/Security/DevOps Engineering space.
At least 3+ years in a dedicated DevSecOps role.
Strong hands-on experience embedding security into CI/CD pipelines.
Proficiency in Python & Java; comfort writing production-grade automation.
Ideally experience with at least one tool in each category:
SAST/SCA: Snyk, Veracode, Checkmarx
DAST: Burp Suite Enterprise, OWASP ZAP
ASPM: Cycode, Legit, Akido
Cloud Security: Wiz, Prisma Cloud
Solid understanding of secure SDLC practices, container security, and modern cloud architectures.
Hands-on penetration testing or bug bounty experience (plus, not essential).


To be considered for the role please apply online or email an updated Resume to William Barclay at Oliver James - william.barclay@oliverjames.com