Senior DevSecOps Engineer jobs in United States

Bandwidth Inc. · 8 hours ago

Senior DevSecOps Engineer

Bandwidth Inc. is a global software company that helps enterprises deliver exceptional experiences through voice, messaging, and emergency services. The Senior DevSecOps Engineer will deliver advanced technical expertise to integrate security, automation, and observability across Bandwidth’s software development and infrastructure environments, focusing on secure-by-default practices and enabling faster delivery pipelines.

Information Technology, Messaging, Telecommunications, Web Hosting
Work & Life Balance
H1B Sponsor Likely

Responsibilities

Implement, maintain, and optimize security tooling across build, test, and deploy stages (SAST, DAST, SCA, IaC scanning, supply-chain scanning, CSPM, CWPP, SIEM, SOAR, EDR/XDR)
Build and maintain automated security testing and compliance validation in CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, ArgoCD, Azure DevOps)
Develop and support reusable automation frameworks and APIs for vulnerability data exchange, control testing, and alerting
Use Infrastructure-as-Code (IaC) and Policy-as-Code (PaC) technologies (Terraform, CloudFormation, OPA, Conftest) to continuously enforce governance and compliance controls
Collaborate with the Application Security team on code scanning, vulnerability triage, and secure code‑review automation
Integrate and maintain unified observability solutions, consolidating metrics, traces, and logs across OpenTelemetry, Prometheus, DataDog, AWS CloudWatch, and Sumo Logic
Develop and enforce security and performance observability standards for services and environments
Collaborate with the SecOps team to link security telemetry with detection rules, correlation logic, and automated response systems
Support metrics collection and dashboards to assess observability coverage and detection performance
Implement secure configurations and controls across AWS, Azure, and GCP environments using CSPM, CWPP, Zero Trust, and workload‑protection tools
Embed visibility and control baselines into multi‑cloud and containerized environments
Contribute to automation for compliance and configuration validation using CIS, NIST, and FedRAMP benchmarks
Partner with Cloud and Infrastructure teams to ensure cloud security posture meets enterprise standards
Collect and report DevSecOps metrics related to vulnerability reduction, automation coverage, observability, and compliance
Identify opportunities to improve tool integrations, automation pipelines, and detection methods
Research and pilot emerging technologies, including AI/ML‑based threat detection, runtime protection, and automated remediation tools
Support the implementation of Bandwidth’s AI Security Framework to uphold the security, privacy, and ethical use of AI systems
Collaborate with Security and Product teams on threat modeling and validation for AI/ML systems, addressing model integrity, prompt injection, data leakage, and bias mitigation
Contribute to internal automations for AI model testing, ensuring adherence to information security controls
Support Security Champion initiatives to promote secure coding awareness, tooling adoption, and security accountability across engineering teams
Contribute to secure development training, internal workshops, and tool onboarding sessions
Partner with Product and Development teams to design developer‑friendly security integrations balancing usability and compliance
Serve as technical liaison between InfoSecOps, Engineering, and Cloud for monitoring, alert correlation, and automated playbooks
Automate compliance controls and evidence collection for SOC 2, ISO 27001, HIPAA, and FedRAMP certifications
Participate in incident response reviews and develop automation improvements after major events

Qualification

DevSecOps engineering, Cloud security, Security tooling integration, Automation frameworks, CI/CD pipelines, Infrastructure-as-Code, Scripting Python, Scripting Go, Scripting PowerShell, Secure SDLC methodologies, Observability solutions, Communication, Cross-team collaboration

Required

Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related technical discipline
Minimum 4 years of combined experience in Information Security, Cloud Security, or DevSecOps engineering
Hands-on experience integrating security tooling, automation, and observability in enterprise CI/CD and cloud environments
Demonstrated collaboration with SOC, AppSec, and SRE teams to enhance detection, response, and overall security hygiene
Proficient in secure SDLC methodologies (OWASP SAMM, BSIMM) and MITRE ATT&CK frameworks
Strong automation experience using GitHub Actions, GitLab CI, or Jenkins
Skilled in writing IaC to manage platforms and tools
Skilled in scripting (Python, Go, PowerShell) for security automation and system integration
Familiarity with observability stacks (OpenTelemetry, Prometheus, Grafana, Sumo Logic, DataDog)
Experience with multi-cloud security, Zero Trust principles, and identity federation (OAuth2, OIDC, SAML)
Excellent communication, documentation, and cross-team collaboration skills

Preferred

Professional certifications such as CISSP, CISM, CCSP, AWS Security Specialty, or Kubernetes Security Specialist preferred
Experience implementing AI/ML-based anomaly detection and predictive analytics
Familiarity with data-privacy automation (GDPR, CCPA) and confidential computing
Background in telecom, SaaS, or other high-availability architectures
Participation in open-source DevSecOps or observability communities
Experience with Red Hat OpenShift, Kubernetes, AWS

Benefits

100% company-paid Medical, Vision, & Dental coverage for you and your family with low deductibles and low out-of-pocket expenses.
All new hires receive four weeks of PTO.
PTO Embargo. When you take time off (of any kind!) you’re embargoed from working. Bandmates and managers are not allowed to interrupt your PTO – not even with email.
Additional PTO can be earned throughout the year through volunteer hours and Bandwidth challenges.
“Mahalo moments” program grants additional time off for life’s most important moments like graduations, buying a first home, getting married, wedding anniversaries (every five years), and the birth of a grandchild.
90-Minute Workout Lunches and unlimited meetings with our very own nutritionist.

Company

Bandwidth Inc.

Bandwidth is the universal communications platform that simplifies how businesses deliver integrated global experiences.

H1B Sponsorship

Bandwidth Inc. has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (11)
2024 (5)
2023 (14)
2022 (13)
2021 (14)
2020 (6)

Funding

Current Stage
Public Company
Total Funding
$20.5M
Key Investors
Portolan Capital Management, Ailanthus Capital Management
2018-06-27: Post-IPO Equity
2018-01-11: Post-IPO Equity
2017-11-10: IPO

Leadership Team

Scott Mullen
CTO
Kade Ross
CIO
Company data provided by crunchbase