SDLC Security Operations Engineer (DevSecOps) jobs in United States

NorthBay - Pakistan · 3 days ago

SDLC Security Operations Engineer (DevSecOps)

NorthBay is seeking a hands-on SDLC Security Operations Engineer to embed security controls into CI/CD pipelines for a larger enterprise customer. The role focuses on operationalizing DevSecOps, integrating scanning tools, and ensuring SDLC controls align with various compliance standards.

Architecture, Cloud Computing, Consulting, DevOps, Software

Responsibilities

Integrate and operate security controls across CI/CD pipelines using GitHub, GitLab, Azure DevOps, and Jenkins
Implement and manage SAST/DAST, dependency scanning, secret scanning, and pipeline security gates (build-time enforcement)
Establish secure build and release practices: artifact integrity, signing/verification, and controlled promotions across environments
Implement secure secrets management practices and prevent credential leakage in repos and pipelines
Drive remediation workflows with developers: triage findings, validate fixes, reduce false positives, and improve rule tuning
Embed security checks for infrastructure-as-code and configuration where applicable; ensure consistent secure-by-default patterns
Support secure SDLC documentation, control mapping, and audit evidence for ISO 27001, SOC 2, etc. (policies, logs, approvals, attestations)
Contribute to developer enablement via secure coding guidance, playbooks, and integration patterns that reduce friction

Qualification

DevSecOps, CI/CD tools, SAST/DAST, Secure SDLC concepts, Linux-based environments, Application security certifications, AWS Certified DevOps Engineer, Microsoft Azure certifications, Automation skills, Collaboration skills

Required

7–9 years of experience in DevSecOps / Application Security Engineering / SDLC Security Operations
Strong hands-on experience with CI/CD tools: GitHub, GitLab, Azure DevOps, Jenkins
Hands-on experience operating AppSec tooling: SAST/DAST and software supply chain controls (dependency risk management)
Strong understanding of secure SDLC concepts (threat modeling basics, security testing, release governance)
Ability to collaborate deeply with engineering teams and translate findings into actionable fixes
Familiarity with Linux-based build environments and common developer workflows

Preferred

CSSLP or equivalent application security certifications
CISSP or CISM
PCIP (ISA) – PCI Professional (Internal Security Assessor)
Qualified Security Assessor (QSA) (where applicable/available)
CISA
AWS Certified DevOps Engineer – Professional
AWS Certified Security – Specialty
Microsoft Azure DevOps Engineer Expert (AZ-400)
Microsoft Azure Security Engineer Associate (AZ-500)

Company

NorthBay - Pakistan

NorthBay is an AWS Premier Consulting Partner and is also partnered with VMware, CloudRail and SAP in support of our customers’ AWS cloud journeys.

Funding

Current Stage
Growth Stage
Company data provided by Crunchbase