Logo
eTeam

DEVSECOPS & APPLICATION SECURITY

eTeam, Minneapolis

Save Job
Key Responsibilities
  • Security by Design: Embed security requirements into CI/CD pipelines, infrastructure-as-code (IaC), and application architectures.
  • Automation & Tooling: Configure and maintain security scanning tools (SAST, DAST, SCA, container scanners) within automated build and deployment workflows.
  • Vulnerability Management: Triage, prioritize, and remediate vulnerabilities discovered in code, containers, and cloud environments; drive fixes and track metrics.
  • Incident Response Support: Assist in investigation of security incidents related to applications or infrastructure; write playbooks and run tabletop exercises.
  • Infrastructure Security: Implement and enforce secure configuration and hardening standards for cloud platforms (AWS, Azure, GCP) and Kubernetes clusters.
  • Policy & Compliance: Define, document, and enforce security policies, standards, and guidelines aligned with industry frameworks (OWASP, CIS Benchmarks, NIST).
  • Threat Modeling & Risk Assessment: Lead or participate in threat modeling sessions for new features; provide risk-based recommendations.
  • Training & Evangelism: Conduct security awareness workshops for developers and DevOps teams; champion "shift-left" security culture.
Required Qualifications
  • Experience: 5+ years in DevSecOps, cloud security, or application security roles.
  • Security Toolchain: Hands-on with static analysis (e.g., SonarQube, Fortify), dynamic analysis (e.g., ZAP, Burp Suite), software composition analysis (e.g., Snyk, Black Duck), and container scanning (e.g., Clair, Trivy).
  • CI/CD Integration: Expertise automating security gates in Jenkins, GitLab CI/CD, GitHub Actions, or equivalent.
  • Cloud & IaC: Proficiency with AWS/Azure/GCP security services, Terraform/CloudFormation, and Kubernetes security (PodSecurityPolicy, OPA/Gatekeeper).
  • Programming/Scripting: Strong skills in Python, Go, or Bash for automation and custom tool development.
  • Standards & Frameworks: Deep understanding of OWASP Top 10, CIS Benchmarks, NIST 800-53/800-190.
  • Vulnerability Management: Solid experience with vulnerability scanners (Nessus, Qualys) and issue-tracking systems.
Preferred Qualifications
  • Certifications: CISSP, CSSLP, GCP Professional Cloud Security Engineer, AWS Security Specialty, or equivalent.
  • DevOps Background: Prior hands-on experience in software development, infrastructure engineering, or platform engineering.
  • Container Security: Familiarity with service meshes (e.g., Istio), runtime protection tools (e.g., Falco), and supply chain security (e.g., Sigstore).
  • Threat Client & Red Teaming: Experience with penetration testing, threat intelligence feeds, or purple-team exercises.