Position Overview
We are seeking experienced DevSecOps Engineers to join our Platform and Product Development team. This role focuses on implementing security-first GitOps workflows and Security as Code principles to enable secure Environment on Demand capabilities across our AWS cloud platform. The successful candidate will design and maintain comprehensive security automation, threat detection, and compliance frameworks while ensuring that security controls are seamlessly integrated into our GitOps-driven development lifecycle.

Key Responsibilities
Security as Code & GitOps Implementatio
Advanced SIEM/SOAR Operations & Threat Detecti
CI/CD Security Pipeline Architectu
Enterprise Secrets & Privilege Access Management

Core Security Technologies

SIEM/SOAR: Datadog Security Monitoring, AWS Security Hub, GuardDuty integration, and automated incident response
Container Security: NeuVector, Falco, OPA/Kyverno policy enforcement, and Kubernetes security patterns
GitOps Security: Argo CD security integration, secure Git workflows, and security policy enforcement in deployment pipelines
Programming: Python, TypeScript, Bash scripting for security automation and integration development

Cloud Security & Compliance

AWS Security: IAM, Secrets Manager, Security Hub, Config, CloudTrail, GuardDuty, WAF, and VPC security
Identity Management: AWS SSO, Azure Entra ID, SAML/OIDC federation, and privileged access management
Compliance Frameworks: SOC 2, ISO 27001, GDPR, PDPO and automated compliance validation
PKI & Certificates: AWS Certificate Manager, Private CA, HashiCorp Vault PKI, and automated certificate management

Security Testing & Validation

Security Scanning: SAST (SonarQube, JFrog, Snyk, Datadog), DAST (OWASP ZAP, Snyk, Datadog), SCA (Snyk, JFrog), container scanning (Trivy), and secrets detection
Penetration Testing: Metasploit, Burp Suite, Nmap, Prowler for automated penetration testing, and security validation frameworks
Chaos Engineering: Gremlin, Chaos Toolkit, LitmusChaos for security resilience testing and failure injection
Threat Detection: Machine learning-based anomaly detection,behavioral analytics, and threat intelligence integration

Required Experience

5+ years of cybersecurity engineering experience with cloud security and automation
3+ years of AWS security services experience and cloud-native security architecture
3+ years of Security as Code implementation using Infrastructure as Code tools (Terraform)
2+ years of SIEM/SOAR operations and automated incident response experience
Experience with container security, Kubernetes security policies, and DevSecOps practices
Knowledge of compliance frameworks, audit requirements, and regulatory security standards

Preferred Qualifications

AWS Security Certifications: Security Specialty, Solutions Architect, DevOps Engineer Professional
Security Certifications: CISSP, CISM, CEH, GSEC, or equivalent cybersecurity certifications
Cloud Security Certifications: CCSP (Certified Cloud Security Professional) or equivalent
Experience with financial services or wagering industry environments
Knowledge of threat hunting, digital forensics, and advanced persistent threat (APT) analysis

Tools & Technologies You'll Use

Security Platforms: Datadog Security Monitoring, AWS Security Hub, GuardDuty, NeuVector, Falco
SIEM/SOAR: Datadog SIEM, AWS CloudTrail, automated incident response, threat intelligence integration
Security Testing: SonarQube Cloud, OWASP ZAP, Snyk, Trivy, Metasploit, Burp Suite, Prowler
Secrets Management: AWS Secrets Manager, HashiCorp Vault, PKI & certificate automation
GitOps Security: Argo CD, Terraform, OPA/Kyverno, GitHub Advanced Security, CloudBees CI
Development: Python, TypeScript, VS Code, Git/GitHub Enterprise, Docker, Kubernetes, AWS CLI

DevSecOps Engineer

Job Description

Recent Jobs.