Apply on Employer Site

Accordion · 2 hours ago

DevSecOps Engineer, Internal Security

Charlotte

Full-time

Hybrid

Senior Level

5+ years exp

Accordion is a finance and technology company focused on enhancing value in private equity-backed portfolio companies. The DevSecOps Engineer will collaborate with internal development teams to integrate security best practices throughout the software development lifecycle and lead efforts to identify and mitigate security risks in cloud environments.

AccountingConsultingFinanceFinancial ServicesFinTech

Growth Opportunities

No H1B

Responsibilities

Collaborate with internal development teams to ensure deliverables meet enterprise security standards and best practices in our software development lifecycle

Participate in code and architecture reviews, providing actionable recommendations and secure alternatives

Advise on and help integrate secure solutions into application and infrastructure pipelines across Azure, AWS, Google Cloud Platform, and Oracle Cloud

Work with the Security Engineer and Cloud Engineer to proactively identify, assess, and mitigate security risks in cloud environments and in any infrastructure as code

Lead the implementation of recommendations from penetration tests and vulnerability assessments, working hands-on with development stakeholders

Support the build-out of a robust DevSecOps program, partnering with Accordion’s CISO and Information Security Manager

Serve as a subject matter expert to educate development teams with best practices regarding the SDLC

Review CI/CD platforms (e.g., Jenkins, GitLab, AzureDataFactory, Databricks) and containers to ensure secure deployments

Maintain awareness of emerging threats, security technologies, and compliance requirements relevant to Accordion’s business and clients

Design and implement security policies, standards, and guidelines for development best practices tailored to Accordion’s and our client’s risk profile and industry frameworks (including GDPR, HIPAA, SOC, SOX, and PCI)

Consistently support Security services firmwide as Accordion grows and scales

Qualification

DevSecOpsCloud SecuritySecurity PrinciplesProgramming/ScriptingCI/CD PipelinesContainer SecuritySecurity CertificationsCommunication SkillsProblem-SolvingTeam Collaboration

Required

Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience

Proven experience (minimum 5 years) as a DevSecOps Engineer or in a similar security engineering role, including significant enterprise and cloud security exposure

Deep understanding of security principles, best practices, and regulatory frameworks (especially GDPR, with strong working knowledge of HIPAA, SOC, SOX, and PCI)

Expertise with Azure and AWS cloud security; proficiency with Google Cloud Platform and Oracle Cloud are a plus

Hands-on experience with programming/scripting (such as Python, Bash, PowerShell), plus experience using secure coding practices

Familiarity with code review techniques, security assessment tools, penetration testing approaches, and vulnerability scanner platforms

Direct experience with CI/CD pipelines and automation tools

Fundamental knowledge of container security (e.g., Docker, Kubernetes) and IaC applications

Excellent verbal and written communication skills to effectively advise technical and non-technical stakeholders

Strong problem-solving abilities and interpersonal skills suited to a collaborative, team-driven environment

The candidate must be comfortable operating in a dynamic, growth-oriented environment with the willingness to take initiative and help shape the future of Accordion's security posture

Preferred

Security certifications (CISSP, CEH, OSCP, or similar)—strongly preferred but not mandatory; demonstration of practical expertise in both security and development/programming is most critical

Prior exposure to consulting, training, or facilitating cross-functional security workshops is a plus

Experience helping build security programs from the ground up, ideally in partnership with CISO or security leadership