Expert DevSecOps Engineer

DevSecOps Engineer (Application Security) MissionSquare, a leading financial services corporation, is seeking a highly technical DevSecOps Engineer (Application Security) to embed secure coding practices and DevSecOps methodologies throughout the software development lifecycle. $128,490.00 - $205,580.00 Overview The role focuses on integrating robust security controls into CI/CD pipelines, automating AppSec tooling, and ensuring adherence to secure development principles across multidisciplinary teams. Essential Functions Build relationships with developers, stakeholders, and scrum masters to incorporate security principles into engineering design and application deployments – 20% Perform security testing and validation of application security controls across projects – 15% Oversee the implementation of defensive security practices and countermeasures across applications and supporting infrastructure – 15% Uphold CI/CD security strategy and practices in partnership with other technical leads – 10% Demonstrate experience with SAST, SCA, DAST, and IaC scanning tools and methodologies – 20% Identify vulnerabilities in code through automated and manual assessments and promote efficient remediation – 10% Apply threat modeling principles to improve design and development practices – 10% Serve as a point of contact for security‑based escalations and remain closely involved in resolution activities Build services and tools that enable developers and engineers to adopt security components easily Simplify and enhance automation that applies security controls within CI/CD pipelines Support shift‑left initiatives by incorporating security early and throughout the development lifecycle Leverage foundational cloud security architecture knowledge (IAM, containers, baseline hardening) Perform other duties as assigned Qualifications Bachelor’s degree (BA/BS) in Finance, Accounting, Business, or a related field, or equivalent professional experience At least 7+ years of experience in information technology, information security administration, or security operations Experience with agile workflows, including Scrum and Kanban Understanding of containers (e.g., Docker), container orchestration (Docker Swarm, Kubernetes) Understanding of CloudFormation, Terraform, Ansible, and Jenkins Proficient in securing Windows and *nix operating systems, endpoint applications, networking protocols, and devices Proven experience with AWS and Microsoft Azure Proven experience with GitHub Actions Hands‑on experience with WIZ and application security testing (BURP) Ability to obtain and maintain technical and business support for collaborative risk reduction Strong scripting skills in Python, Bash, Perl, or PowerShell Understanding of OWASP, CVSS, the MITRE ATT&CK framework, and the software development lifecycle (SLDC) Preferred Certifications CISSP

GIAC (GCSA, GWAPT)

AWS (SSO) or equivalent security certifications Benefits Competitive Total Rewards package, including base pay, incentive programs, benefits, and a 401(k) plan with matching contributions Flexible and hybrid work schedules to support work‑life balance Tuition reimbursement to support continued education Professional and career development opportunities, including courses and certifications Comprehensive wellness programs promoting physical, mental, and emotional health Volunteerism initiatives to encourage community engagement Equal Employment Opportunity MissionSquare is an Equal Opportunity Employer. We strive to create an environment that reflects the value and diversity of our employees and fosters respect among them. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, or any other protected classification under applicable law. MissionSquare cannot sponsor or hire candidates with H1B, STEM, or OPT visas for this role. #J-18808-Ljbffr LE_ICMA-RC International City Management Association Retirement Corporation