DevSecOps Engineer - Hydrogen Group - United States

DevSecOps Engineer

Fully remote (working EST)

Salary: $128-170k

The DevSecOps Engineer (Application Security) is a highly technical role responsible for embedding security into every stage of the software development lifecycle. This individual will focus on advancing application security practices, integrating security controls into CI/CD pipelines, and automating security tooling to strengthen secure development practices.

The role requires strong expertise in application security, secure coding practices, and DevSecOps methodologies, along with a solid understanding of software development processes and foundational knowledge of infrastructure and operating systems.

Key Responsibilities

Build strong relationships with developers, product stakeholders, and agile teams to integrate security into application design and delivery (20%)
Perform security testing and validation of application security controls across multiple initiatives (15%)
Implement and enhance defensive security practices across applications and supporting infrastructure (15%)
Support and enforce CI/CD security strategies in collaboration with engineering and platform teams (10%)
Apply expertise in SAST, SCA, DAST, and Infrastructure-as-Code (IaC) scanning tools and methodologies (20%)
Identify vulnerabilities through automated scanning and manual code review; drive remediation efforts (10%)
Apply threat modeling techniques to strengthen application design and reduce risk (10%)
Act as an escalation point for application security issues and support resolution efforts
Develop and improve tools and services that enable developers to adopt security best practices efficiently
Automate and streamline security controls within CI/CD pipelines
Support “shift-left” security initiatives by embedding security early in the SDLC
Apply foundational cloud security knowledge, including IAM, container security, and baseline hardening practices
Perform other duties as assigned

Required Qualific