SecDevOps Engineer

Primary Functions:  

1. Embed security controls, monitoring, and compliance automation across the software development lifecycle (SDLC) for internally developed and low-code (Power Platform) applications handling business data and customer sensitive data.
2. Engineer and operate secure, resilient CI/CD pipelines across the Power Platform and GitHub with automated quality and security gates (SAST, DAST, dependency, container, infrastructure-as-code scanning, secrets detection, SBOM generation).
3. Provide direct support to developers.  Implement, tune, and maintain cloud security guardrails (Azure, M365, Power Platform) including data protection, configuration baselines, and zero-trust principles.

4. Lead/assist in incident response and vulnerability management – rapid triage, containment, remediation, root cause analysis (RCA), and post-incident improvement actions.
5. Provide security guidance, threat modeling (STRIDE/PASTA/ATT&CK input), and coaching to developers, analysts, and stakeholders to improve secure design and release quality metrics.
6. Network security operations, define and enforce network segmentation, VNet/subnet configurations, and security groups in AWS/Azure, implement firewall rules, NSGs, and service endpoint protections, validate zero trust principles in cloud network design

 Position Requirements:   

• Holding one of the following certifications: Security+, CISSP, CND, or CASP+
• U.S. work authorization and the ability to obtain or maintain a Secret clearance
• Experience deploying and monitoring web applications in AWS and/or Azure
• Availability for limited after-hours/on-call participation during critical incidents or 24 -hour war-room responses
• Adhere to organizational policies, confidentiality, and handling standards for sensitive data.
• Design, implement, and secure containerized workloads using Docker and Kubernetes, with a strong emphasis on Linux-based environments, image scanning, runtime protection, and policy enforcement.
• Build and track security using automation, Snyk for packages and Solution Checker for Power Platform and Power Apps
• Deep understanding of identity and access management, encryption standards, network protocols
• Experience performing code reviews, threat modeling (STRIDE, PASTA), root-cause analysis on security incidents

Preferred: 

• Bachelor’s degree in Computer Science, Cybersecurity, or related fields
• Active Secret clearance
• Knowledge of compliance automation 

General Experience: 

• 5+ years combined experience in DevOps, Cybersecurity Engineering, Cloud Engineering, or related roles supporting production workloads.
• Demonstrated history of automating build/deploy pipelines and implementing security testing/monitoring at scale.

Functional Responsibility:  

• Owns definition, implementation, and continuous improvement of DevSecOps practices, pipelines, and controls
• Translates regulatory and contractual requirements (such as NIST 800-53) into automated, testable controls and evidence collection.
• Designs and maintains standardized Infrastructure as Code (IaC) and security baselines; ensures traceability from risk to mitigation.
• Coordinates with product owners to align remediation priorities with business impact and risk appetite.

Specialized Experience:  

• Hands-on with Azure (Entra ID, Key Vault, Defender for Cloud), Microsoft Power Platform (Power Apps, Power Automate, Dataverse, SharePoint) security configuration and integration with traditional software services.
• Hands-on with Docker, Kubernetes container technologies and Linux operating system
• Continuous Integration and Continuous Deployment (CI/CD) tooling (GitHub Actions, Azure DevOps pipelines) including artifact management, environment promotion strategies and policy enforcement
• Security scanning tools including Snyk, GitHub (Advanced Security & Dependabot), Microsoft Solution Checker) and interpreting output into actionable backlog items
• Threat modeling using STRIDE, PASTA stages (particularly Stages 4-7), MITRE ATT&CK and CAPEC referencing, and CWE mapping for defect classification.
• Incident handling through triage logging, forensics, containment, credentials rotation, and post-incident retrospectives.

Additional requirements: 

• Strong scripting/automation in at least one: PowerShell, Python, or Bash.
• Clear, concise written and verbal communication for executive summaries and technical deep dives.
• Ability to prioritize remediation and negotiate risk-based exceptions with stakeholders.
• Commitment to mentoring peers and elevating team security maturity.
• Continuous learning mindset; tracks emerging CVEs, supply chain risks, and platform updates.

Notes:  

• This description is not exhaustive. Duties may evolve with organizational maturity, regulatory changes, or platform expansion.
• Role emphasizes enablement – building paved roads and guardrails that accelerate (not obstruct) secure delivery.

Contacts:  

• Internal
  • CISO/CTO, Program/Product/Project Managers, Developers, HR, Compliance/Legal, Leadership, Help Desk 
• External
  • Security auditors, potential government customer representatives

Complexity:  

• Operates in a mixed ecosystem of custom code and low-code solutions with evolving requirements and constrained resources.
• Balances rapid delivery pressures against risk reduction and audit readiness.
• Must contextualize scanner outputs and translate them into prioritized, measurable remediation plans.

Supervision Given:  

• Provides technical mentorship, code / pipeline security reviews, and training sessions to developers.
• Does not typically have formal direct reports initially but may evolve into a lead capacity as the function scales.

Equipment Used:  

• Standard enterprise workstation (Windows) with secured toolset
• Azure Virtual Desktop (AVD)
• Scripting / IDE tools (VS Code, PowerShell, Python)
• Security scanning & monitoring platforms (Snyk and more)
• Collaboration & documentation tools (Teams, SharePoint, ticketing systems)