DevSecOps Engineer | Scrabble & Jigsaw
Posted on January 17, 2026
Job Description
<p><b>DevSecOps Engineer Job Description</b></p>
<p>We're looking for an experienced <b>DevSecOps Engineer</b> with <b>7+ years of experience</b> to join</p>
<p>our team. In this role, you'll be instrumental in integrating security best practices throughout our</p>
<p>entire software development lifecycle (SDLC). You'll bridge the gap between development,</p>
<p>security, and operations, ensuring our applications and infrastructure are secure from the</p>
<p>get-go.</p>
<p><b>Responsibilities:</b></p>
<p>• <b>Design and Implement Security Automation:</b> Architect and deploy automated</p>
<p>security tools within our CI/CD pipelines to perform static application security testing</p>
<p>(SAST), dynamic application security testing (DAST), and container security scanning.</p>
<p>• <b>Secure Cloud Infrastructure:</b> Work with cloud services (AWS, Azure, GCP) to</p>
<p>ensure our infrastructure is configured securely, adhering to best practices like the</p>
<p>principle of least privilege and network segmentation.</p>
<p>• <b>Threat Modeling and Risk Assessment:</b> Conduct regular threat modeling exercises</p>
<p>to identify potential security vulnerabilities and work with development teams to</p>
<p>mitigate risks.</p>
<p>• <b>Incident Response and Monitoring:</b> Develop and maintain security monitoring and</p>
<p>alerting systems to detect and respond to security incidents.</p>
<p>• <b>Security Policy and Compliance:</b> Define and enforce security policies, standards,</p>
<p>and procedures to ensure compliance with industry regulations and internal</p>
<p>requirements.</p>
<p>• <b>Collaboration and Training:</b> Collaborate with development, QA, and operations</p>
<p>teams to embed security culture. Provide training and guidance on secure coding</p>
<p>practices and security tools.</p>
<p>• <b>Customer Security Assessments:</b> Support responses to customer information</p>
<p>security questionnaires, ensuring accurate representation of our security controls and</p>
<p>practices.</p>
<p>• <b>SOC 2 and Compliance Programs:</b> Lead or assist in maintaining the company’s</p>
<p>SOC 2 certification and other compliance programs, including gathering evidence,</p>
<p>coordinating with auditors, and driving continuous improvement of controls.</p>
<p><b>Required Skills and Qualifications:</b></p>
<p>• <b>Experience:</b> 7-10 years of professional experience in a DevSecOps, DevOps, or a</p>
<p>security-focused role.</p>
<p>• <b>CI/CD Tools:</b> Proficient with CI/CD tools like <b>Jenkins, GitLab CI, or CircleCI</b>.</p>
<p>• <b>Scripting:</b> Strong scripting skills in languages such as <b>Python, Bash, or PowerShell</b></p>
<p>for automation.</p>
<p>• <b>Cloud Platforms:</b> Hands-on experience with at least one major cloud provider (<b>AWS,</b></p>
<p><b>Azure, or GCP</b>) and familiarity with infrastructure as code tools like <b>Terraform,</b></p>
<p><b>Pulumi or CloudFormation</b>.</p>
<p>• <b>Security Tools:</b> Expertise with security tools for <b>SAST (e.g., SonarQube, Fortify),</b></p>
<p><b>DAST (e.g., Burp Suite, OWASP ZAP), and container security (e.g., Clair, Trivy)</b>.</p>
<p>• <b>Containerization and Orchestration:</b> Experience with <b>Docker and Kubernetes</b>.</p>
<p>• <b>Soft Skills:</b> Excellent problem-solving, communication, and collaboration skills.</p>
<p><b>Preferred Qualifications</b></p>
<p>• Relevant certifications such as <b>CISSP, SANS GIAC, or AWS/Azure Security</b></p>
<p><b>Specialist</b>.</p>
<p>• Experience with a security information and event management (<b>SIEM</b>) system like</p>
<p>Splunk or ELK Stack.</p>
<p>• Familiarity with compliance frameworks like <b>PCI DSS, HIPAA, or SOC</b></p>