DevSecOps Engineer

Job TitleDevSecOps EngineerCompensation$140,000 – $195,000 USD / yr## Role OverviewWe are looking for a security-minded, automation-first DevSecOps Engineer to embed security into every stage of LockedIn AI’s software development and deployment lifecycle. This is a shift-left security role — you will ensure that security is not an afterthought bolted on at the end, but a fundamental part of how code is written, tested, built, deployed, and operated across a platform serving over 1 million users.As a DevSecOps Engineer, you will sit at the intersection of development, security, and operations. Your scope spans the entire software delivery pipeline — from secure coding practices and automated security testing in CI/CD pipelines, to infrastructure hardening and container security, to runtime monitoring and incident response.The ideal DevSecOps Engineer combines strong software engineering and DevOps skills with deep security expertise. You automate everything — from static and dynamic analysis in the build pipeline to vulnerability scanning in production. You understand that security at startup speed means building automated systems that protect without slowing anyone down.## Key Responsibilities### Secure CI/CD Pipeline Engineering* Design, implement, and maintain security-integrated CI/CD pipelines that automate security testing at every stage — from code commit through build, test, staging, and production deployment* Embed SAST, DAST, SCA, and secret scanning into automated build pipelines — ensuring vulnerabilities are caught before code reaches production* Implement container image scanning, infrastructure-as-code security validation, and dependency vulnerability checks as mandatory gates in the deployment pipeline* Build automated policy enforcement that blocks deployments failing security thresholds while providing developers with clear, actionable remediation guidance### Application Security & Secure Development Practices* Champion shift-left security practices — working directly with development teams to integrate secure coding standards, threat modeling, and security reviews early in the development process* Conduct security code reviews, architecture reviews, and threat modeling sessions for new features and services — identifying risks and recommending mitigations before code is written* Develop and maintain secure coding guidelines, security patterns, and reusable security libraries that make it easy for developers to build secure features by default* Track and remediate application vulnerabilities — managing the vulnerability lifecycle from discovery through prioritization, remediation, and verification### Infrastructure Security & Cloud Hardening* Implement infrastructure security best practices across cloud environments (AWS, GCP, or Azure) — including network segmentation, least-privilege IAM policies, encryption at rest and in transit, and security group management* Secure containerized environments — hardening Docker images, configuring Kubernetes security policies (network policies, pod security standards, RBAC), and implementing runtime container security monitoring* Manage Infrastructure as Code (IaC) security — scanning Terraform, Pulumi, or CloudFormation templates for misconfigurations, compliance violations, and security risks before deployment* Implement secrets management solutions (HashiCorp Vault, AWS Secrets Manager, or similar) that eliminate hardcoded credentials and enforce secure secret rotation and access controls### Security Monitoring, Detection & Incident Response* Build and maintain security monitoring and alerting systems — implementing SIEM integration, log aggregation, and anomaly detection that provide real-time visibility into security events across the platform* Develop detection rules, correlation queries, and automated response playbooks that identify and respond to security incidents — including unauthorized access, suspicious API activity, and infrastructure anomalies* Participate in on-call security rotations and lead security incident response — coordinating investigation, containment, remediation, and post-incident review* Monitor for AI-specific security events — including adversarial inputs to LLM systems, prompt injection attempts, and unauthorized model access### Vulnerability Management & Compliance* Own the vulnerability management lifecycle — discovering, prioritizing, tracking, and driving remediation of vulnerabilities across applications, infrastructure, containers, and dependencies* Implement automated vulnerability scanning across the full stack — including application code, third-party libraries, container images, cloud configurations, and AI model serving infrastructure* Ensure security controls and practices align with relevant compliance frameworks and industry best practices — building toward formal compliance readiness as the company scales* Maintain security documentation — including architecture diagrams, risk registers, security policies, and audit trails that support compliance and organizational knowledge sharing### Security Culture, Training & Cross-Functional Collaboration* Champion a “security as code” culture across the engineering organization — making security practices automated, transparent, and developer-friendly* Develop and deliver security training and awareness programs for engineering teams — including secure coding workshops, threat modeling sessions, and security tooling onboarding* Work closely with co-founders, engineering, product, and operations to align security priorities with business objectives and product roadmap* Stay current on the latest DevSecOps tools, security vulnerabilities, attack techniques, and industry best practices — continuously improving LockedIn AI’s security posture## Required Qualifications### Experience* 3+ years of experience in DevSecOps, application security, or a combined DevOps/security engineering role* Demonstrated experience integrating security tooling into CI/CD pipelines and automating security processes* Hands-on experience hardening cloud infrastructure, containerized environments, and software delivery pipelines* Experience working cross-functionally with engineering, security, and operations teams in a fast-moving environment* Startup or high-growth environment experience preferred — comfort working in ambiguity, moving fast, and wearing multiple hats### Education* Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Software Engineering, or a related field.* Relevant security certifications are a strong plus: CDP, OSCP, CKS, Security+, CISSP, or CEH — we value demonstrated security engineering skill over credentials.### Technical Skills* Strong proficiency in Python, Bash, or Go with experience writing security automation, tooling, and infrastructure code* Deep experience with CI/CD platforms (GitHub Actions, GitLab CI, Jenkins, ArgoCD, or similar) and integrating security scanning tools into automated pipelines* Hands-on expertise with containerization and orchestration security (Docker, Kubernetes) — including image hardening, pod security, network policies, and runtime security monitoring* Experience with IaC tools (Terraform, Pulumi, CloudFormation) and IaC security scanning (Checkov, tfsec, or similar)* Proficiency with security scanning tools — SAST (SonarQube, Semgrep), DAST (OWASP ZAP, Burp Suite), SCA (Snyk, Dependabot, Trivy), and secret scanning (GitLeaks, TruffleHog)* Experience with SIEM platforms, security monitoring, and log analysis (Splunk, Elastic, Datadog Security, or similar)### Strategic & Soft Skills* Security-first mindset with a developer-friendly approach: you build security systems that protect without creating friction — making the secure path the easiest path for developers* Strong written and verbal communication — you can write clear security policies, explain vulnerabilities to development #J-18808-Ljbffr Lockedinai