
About this role
The DevSecOps Engineer integrates security and compliance into the software development lifecycle, CI/CD pipelines, application workflows and cloud infrastructure. This role ensures secure-by-design principles are embedded across YPO’s global, AI-first, mobile-native platforms, protecting confidentiality, integrity, and availability while enabling engineering velocity.
Architect and implement secure-by-design controls across multi-cloud environments including AWS, Azure and GCP. Develop Infrastructure as Code and policy-as-code guardrails with automated configuration validation, remediation and security controls within CI/CD pipelines.
Lead threat modeling, architecture reviews and security design reviews. Enforce enterprise IAM and Zero Trust principles while owning the vulnerability management lifecycle, SIEM integration and incident response playbooks.
Partner with Cloud Engineering and IT Security teams to operationalize compliance frameworks such as SOC 2, ISO 27001 and NIST CSF. Automate security operations, audit artifact generation and continuous improvement of security maturity.
Requirements
- Ability to work collaboratively in a multi-cultural organization with international members.
- Excellent interpersonal skills, including strong diplomacy skills with the ability to build meaningful relationships with all levels of associates, members and vendors.
- Resourceful and able to work independently with initiative and common sense; effective time management, organization and prioritization skills.
- Possesses a distinct global mindset, sensitive to local and international customs and protocols.
- Demonstrates empathy through active listening and asking the right questions.
Responsibilities
- Architect, implement, and continuously improve secure-by-design controls across multi-cloud environments (AWS, Azure, GCP), including network segmentation, encryption, secrets management, secure APIs, and container platforms (Kubernetes, ECS, AKS).
- Develop and enforce Infrastructure as Code and policy-as-code guardrails (Terraform, CloudFormation, ARM, OPA, Sentinel, Azure Policy, AWS SCPs) with automated configuration validation and remediation.
- Design and maintain security controls within CI/CD pipelines, integrating SAST, DAST, SCA, container and IaC scanning, and automated security gates.
- Lead threat modeling (STRIDE, MITRE ATT&CK), architecture reviews, and security design/code reviews to mitigate risk prior to deployment.
- Own the vulnerability management lifecycle, including asset discovery, continuous scanning, risk-based prioritization, remediation tracking, and penetration testing coordination.
- Integrate application and cloud telemetry into SIEM/SOAR platforms, define detection standards, support log ingestion strategy, conduct threat hunting, and assist with incident response.
- Operationalize compliance frameworks (SOC 2, ISO 27001, NIST CSF, GDPR, CCPA), support audit readiness and third-party risk management.