Senior DevSecOps Engineer

Position Overview

We are seeking an experienced Senior DevSecOps Engineer to join our Platform Engineering team. In this role, you will be responsible for architecting, implementing, and maintaining comprehensive security controls across our entire CI/CD pipeline and Kubernetes infrastructure. This position reports to the Director of Platform Engineering and plays a critical role in ensuring our organization meets Federal Reserve cybersecurity requirements and CRI (Cyber Risk Institute) profile compliance while enabling rapid, secure application delivery.

Primary Responsibilities

CI/CD Pipeline Security & Governance

· Design, build, and manage secure CI/CD pipelines using Azure DevOps and GitHub Advanced Security

· Implement and enforce security gates, policy-as-code controls, and approval workflows at every pipeline stage

· Integrate vulnerability scanning tools (SAST, DAST, SCA, container scanning) and aggregate findings into centralized reporting dashboards

Vulnerability Management

· Operationalize security scanning across multiple tools (GitHub Advanced Security, SonarQube, etc.)

· Build automated workflows to correlate, deduplicate, and prioritize vulnerability data from disparate sources

Runtime Security & Kubernetes Policy Enforcement

· Implement Kyverno policies to enforce container image security, network policies, and runtime constraints

· Design and deploy Kubernetes Pod Security Standards, network policies, and RBAC configurations

· Manage container image scanning, signing, and attestation in Azure Container Registry (ACR)

Zero Trust Architecture & Access Control

· Lead the design and implementation of zero trust security principles across infrastructure and applications

· Implement workload identity and managed identity solutions in Azure for application-to-service authentication

· Design network segmentation, microsegmentation policies, and encrypted inter-service communication

AI-Augmented Security Operations

· Identify, evaluate, and operationalize AI-powered security tools across the SDLC — code review assistants, automated triage agents, anomaly detection — establishing review patterns, prompt and policy controls, and audit trails appropriate to a regulated environment

· Define and enforce secure usage standards for AI coding assistants and agentic developer tools (data handling, secret-leak prevention, model and provider governance, validation of model output)

· Build internal automations using LLMs and MCP-style integrations to reduce toil in vulnerability triage, policy authoring, evidence collection for audits, and incident response

Required Qualifications

Experience

· 5+ years of software development, DevOps, or security engineering experience

· 5+ years of dedicated security or DevSecOps practice

· 3+ years of hands-on experience building and maintaining CI/CD pipelines at scale

· 3+ years of Kubernetes administration, security hardening, or platform engineering experience

Technical Skills

· CI/CD Platforms: Deep expertise in Azure DevOps and/or GitHub Actions

· GitHub Security Suite: Hands-on background with GitHub Secret Protection (secret scanning and push protection) and GitHub Code Security (code scanning, Dependabot, security overview); experience tuning detections, triaging alerts, enforcing repository-level policies at scale, and integrating findings into pipeline gates

· Kubernetes: Expert-level knowledge of Kubernetes architecture, security, and operational management in AKS

· Container Security: Hands-on experience with container image scanning, signing, and registry security

· Policy Engines: Hands-on experience with Kyverno (or equivalent: OPA/Gatekeeper, Kubewarden)

· Azure Platform: Proficiency with Azure services including AKS, ACR, Key Vault, Azure Policy, Azure DevOps

· Scripting & Automation: Strong scripting skills in PowerShell, Bash, Python, or Go

· Infrastructure as Code: Strong Terraform skills including module design, state management, and policy testing; experience codifying security baselines as reusable

infrastructure blueprints (Terraform modules and/or Azure Blueprints) to enforce guardrails at provisioning time · AI Tooling: Hands-on experience using AI coding assistants (e.g., GitHub Copilot, Claude Code, Cursor) to accelerate secure development; comfort evaluating, integrating, and operating AI-assisted security tooling — AI-driven SAST, agentic vulnerability triage, MCP-based pipeline automations — with appropriate guardrails for a regulated environment

Preferred Qualifications

· Zero Trust Architecture: Hands-on design and implementation of zero trust models in production environments

· Supply Chain Security: Experience with SBOM generation, attestation, provenance

· Certifications: CKS, AZ-500, AWS Security, CCSK, CISSP

· Prior experience in banking, financial services, or other highly regulated industries

Success Metrics & KPIs

· 100% of applications scanned before production deployment; zero critical or high vulnerabilities in production pipeline

· Compliance with SLA for critical/high/medium/low vulnerability remediation

· Achieve advanced maturity in zero trust architecture implementation

· Maintain control effectiveness rating in regulatory examinations

NOTE: This job description is not intended to be all-inclusive. Employee may perform other related duties as assigned by supervisor to meet the ongoing needs of the organization.

If any applicant is unable to complete an application or respond to a job opening because of a disability, please email us at [email protected] for assistance.