DeveloperSecOps Engineer

TROOP
Summary
Join TROOP, a remote-first, international company, as a DevSecOps Engineer. You will play a crucial role in bridging technical teams, clients, and stakeholders, implementing and managing security best practices throughout the development lifecycle and ensuring compliance. This position demands a strong background in security automation, cloud infrastructure, and compliance frameworks. You will be responsible for developing and implementing automated security testing, integrating security tools, managing compliance frameworks, and overseeing a bug bounty program. The ideal candidate possesses 5-8 years of experience in a related field, hands-on experience with compliance platforms, relevant security qualifications, and proven client interaction skills. TROOP offers a supportive and diverse culture, along with competitive benefits.
Requirements
- 5-8 years' experience in DevSecOps, Security Engineering, or a related role, with a strong background in security practices within the DevOps lifecycle
- Hands-on experience implementing and managing compliance frameworks via platforms like Vanta
- Relevant security qualifications (GCP/AWS/Azure)
- Proven experience engaging with clients to understand their security requirements, compliance needs, and privacy expectations, including international (US-based) clients
- Experience working in fast-paced startup environments
- Proficiency in security automation tools, including SAST, DAST, container security, and configuration management
- Strong knowledge of CI/CD tools (GitLab CI) and infrastructure as code (Terraform)
- Experience with cloud platforms (GCP), containerization technologies (Kubernetes), networking, WAF and threat intelligence platforms (Cloudflare) with a focus on security and compliance
- Familiarity with data privacy and regulations, especially SOC 2 Type 2, and experience in implementing privacy-by-design principles
- Understanding of bug bounty program management and experience working with external researchers or bounty platforms
- Ability to translate legal and regulatory requirements into actionable security policies and controls within the DevSecOps environment
- Ability to work collaboratively with cross-functional teams, including Engineering, Product, and client-facing teams
- Excellent communication and interpersonal skills, with the ability to explain complex security concepts in clear, professional English to non-technical stakeholders and clients
- Strong problem-solving skills with a proactive and solution-oriented mindset
Responsibilities
- Develop and implement automated security testing within CI/CD pipelines, including static analysis, dynamic analysis, and dependency scanning
- Integrate security tools to automate vulnerability detection, access control, configuration management, and compliance monitoring
- Continuously improve security policies, processes, and tools, adapting to new threats and changing regulatory requirements
- Engage with clients to understand their security requirements, compliance needs, and privacy expectations
- Facilitate security and compliance discussions with internal teams, clients, and stakeholders to ensure alignment with security goals and objectives
- Lead the implementation and management of compliance frameworks
- Develop and maintain Policy-as-Code to enforce compliance policies within the CI/CD pipeline, ensuring security controls are applied consistently across environments
- Conduct regular compliance audits, vulnerability assessments, and risk analyses to identify and mitigate potential compliance issues
- Establish, document, and maintain security policies, including a Written Information Security Program (WISP)
- Collaborate with the Operations team to manage the MDM and strengthen endpoint security policies and posture
- Implement and manage a bug bounty program, serving as the primary point of contact for vulnerability submissions and ethical hacker interactions
- Triage and prioritize reported vulnerabilities, coordinating with development and security teams for swift remediation
- Implement feedback loops to integrate insights from bug bounty reports into our security practices, minimizing recurring vulnerabilities
Benefits
- Paid Time Off: We provide 23 days per year, allowing you ample opportunity to relax, recharge, and have some well-deserved fun
- Comprehensive Health Coverage, 100% Covered and Tax Exempt with ASISA. Join Troop for worry-free health benefits: 100% tax-exempt coverage. Your well-being is our priority. (Available in Spain)
- Mental Health Budget: Yearly budget assistance for mental health support for all our employees
- Unforgettable Adventures: At TROOP, we cherish the bonds we create and the time we spend together. Each year, we embark on an incredible offsite to a surprise location, courtesy of TROOP. You'll have the opportunity to explore new cultures, create lasting memories, and bond with your colleagues in a unique and exciting way