Senior DevSecOps Engineer jobs in United States

RJW Logistics Group · 21 hours ago

Senior DevSecOps Engineer

RJW Logistics Group is seeking a Senior DevSecOps Engineer responsible for designing, implementing, and operating security controls across the software development lifecycle. This role involves close collaboration with Engineering teams and IT Operations to embed security in development workflows and CI/CD pipelines, ensuring scalable and repeatable security outcomes.

Transportation/Trucking/Railroad
H1B Sponsor Likely

Responsibilities

Design, implement, and maintain security controls across all SDLC phases
Translate security policy, OWASP guidance, and SOC-aligned requirements into engineering standards and pipeline controls
Embed security checks and guardrails into Agile and DevOps workflows (Jira Software, Azure DevOps)
Ensure SDLC controls generate reliable, repeatable audit evidence supporting SOX and SOC 1 / SOC 2 assessments
Perform application risk profiling and threat modeling for new and materially changed systems
Review application, API, and platform architectures from a security and risk perspective, providing guidance on required security controls and integration patterns
Design and implement security architecture components, guardrails, and shared controls supporting:
+ Azure PaaS resources and identity integrations (Entra ID, Azure B2C/External ID)
+ Web applications hosted on IIS and Node.js
+ APIs and externally exposed services
+ Data platforms including Microsoft SQL, Oracle SQL, CosmosDB, Databricks, and Microsoft Fabric
Partner with architects and engineers to ensure alignment with approved security patterns and baselines, without owning application code or business logic
Secure CI/CD pipelines and Git-based workflows
Implement application security tooling integrations and tune results for actionable signal
Integrate SAST, DAST, SCA, image scanning, and secrets detection into pipelines
Implement secure secret management, pipeline access controls, and deployment protections
Configure and maintain security controls for Web Application Firewalls (WAF), API gateways, and ingress layers
Define security testing requirements and acceptance criteria aligned to SDLC controls
Implement and maintain automated security testing workflows
Validate remediation of application and pipeline security findings
Maintain traceability between findings, fixes, Jira tickets, and generated audit evidence
Participate in incident response activities related to application, pipeline, and identity security
Support root-cause analysis and implement preventative improvements through enhanced observability and security telemetry
Validate backup, restore, and disaster recovery controls with a security and access-control focus
Define and track security metrics supporting continuous improvement and SOC evidence requirements

Qualification

DevSecOps, Security Controls, CI/CD Pipelines, Azure Security, Scripting, Vulnerability Management, Containers, Security Certifications, Communication Skills, Problem Solving

Required

Bachelor's degree in Computer Science, Information Security, Information Systems or a related field
Minimum 5 years of experience in DevSecOps, application security, or secure platform engineering
Demonstrated experience implementing and operating security controls across CI/CD, cloud, and SDLC environments
Strong foundational knowledge across DevOps and platform engineering, including:
+ Core networking concepts (VPC/VNet, DNS, TCP/IP, TLS, load balancing, proxies, firewall/NSG)
+ Windows and Linux systems (processes, permissions, filesystems, networking, troubleshooting)
+ Git-based workflows (branching strategies, pull requests, releases)
+ Scripting and automation (PowerShell, Bash, and/or Python)
Strong hands-on experience implementing DevSecOps security controls, including:
+ Secure SDLC practices and OWASP guidance (from a control, tooling, and risk perspective)
+ Azure cloud security and identity services (Entra ID, Azure B2C/External ID)
+ CI/CD pipelines, Git-based workflows, and build/deploy automation
+ Containers and orchestration fundamentals (Docker, Kubernetes) and Infrastructure as Code (Terraform, Ansible)
+ Vulnerability management tooling (SAST, DAST, SCA, image scanning)
Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations
Ability to write reports, business correspondence, and procedure manuals
Ability to effectively present information and respond to questions from groups of managers, clients, and customers
Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals
Ability to compute rate, ratio, and percent and to draw and interpret bar graphs
Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists
Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form
Ability to determine the “root cause” of a problem and determine corrective action
To perform this job successfully, an individual must have knowledge of Business Operating Systems, Internet software, Word Processing, and Spreadsheet software

Preferred

Microsoft security certifications aligned to Azure, identity, and cloud architecture (e.g., SC-100, AZ-500, SC-300)
Industry-recognized security certifications such as CSSLP, CISSP, CISM, or relevant GIAC credentials

Company

RJW Logistics Group

RJW Logistics Group is a leading retail logistics and consolidation provider that out-performs the market by bringing your product to the retail shelf on-time, in-full, and at a lower overall cost.

H1B Sponsorship

RJW Logistics Group has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is provided below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2025 (1), 2021 (2)

Funding

Current Stage
Late Stage

Leadership Team

Todd Davenport
Chief Financial Officer
Condy Dixon
Chief Operating Officer
Company data provided by crunchbase