Staff DevSecOps Engineer

BeyondTrust

📍Remote - Canada

Summary

Join BeyondTrust as a Staff DevSecOps Engineer and contribute to building and implementing the Engineering team's DevSecOps strategy, focusing on SAST and CI/CD tooling. You will architect, implement, and scale security practices across the software development lifecycle, ensuring secure deployments while maintaining compliance. This role requires technical leadership, collaboration, and a deep understanding of DevOps, security, and software development workflows. You will develop best practices and tooling for DevSecOps, collaborate with cross-functional teams, and secure codebases and pipelines. The position demands expertise in CI/CD tooling, security by design, automation and infrastructure security, and compliance and governance. Leadership and collaboration skills are essential.

Requirements

  • Bachelor’s degree in Computer Science, Engineering, or a related field; advanced degree preferred
  • 10+ years of experience in Operations, DevOps, DevSecOps, or related engineering roles
  • Expertise in building out application security pipelines and CI/CD platforms using tools such as GitHub Actions, Jenkins, and/or Azure DevOps
  • Proficiency in programming/scripting languages like Python, Go, or TypeScript
  • Hands-on experience with IaC tools (Terraform, OpenTofu, CloudFormation) and cloud platforms (AWS, Azure)
  • Strong understanding of application security, container security (Docker, Kubernetes), and cloud security (AWS or Azure Services)
  • Knowledge of modern software delivery paradigms, including microservices and serverless architectures
  • Familiarity with security frameworks and standards (OWASP, NIST, CIS)
  • Exceptional problem-solving skills, communication, and ability to work in a fast-paced environment

Responsibilities

  • Develop best practices and tooling for implementing a DevSecOps approach that helps secure BeyondTrust’s CI/CD while enabling our Engineering teams to adopt these approaches seamlessly
  • Collaborate with cross-functional teams, including application security engineers, Engineering leadership, software engineers, SREs, and product managers, to drive secure development initiatives
  • Secure our codebases and pipelines from misuse, bad coding practices, vulnerable dependencies, and exposed secrets
  • Develop and implement tooling for Static Application Security Testing (SAST) along with improving analytics in GitHub Security Centre
  • Implement a robust end-to-end process in partnership with Application Security teams for Code Scanning, Secret Scanning, and Dependency Reviews
  • Establish and enforce policies for secure code development and vulnerability management
  • Automate remediation workflows to streamline vulnerability fixes and improve code quality
  • Design and enhance secure CI/CD pipelines to ensure secure, automated, and reliable software delivery
  • Implement guardrails and security checks (e.g., static/dynamic analysis, software composition analysis) into CI/CD pipelines
  • Standardize and optimize tools like Jenkins, GitHub Actions, Azure DevOps, or other CI/CD platforms
  • Champion secure coding practices and lead efforts to embed security in all stages of the SDLC
  • Collaborate with development teams to identify and mitigate risks early in the development lifecycle
  • Provide technical leadership for implementing industry best practices in application security and cloud-native environments
  • Develop and manage infrastructure-as-code (IaC) security processes
  • Automate security tasks, including testing, monitoring, and alerting for potential threats
  • Drive continuous improvement through automated patch management and dependency updates
  • Ensure CI/CD and GitHub workflows comply with regulatory requirements (e.g., SOC 2, GDPR)
  • Develop and maintain metrics and reporting to demonstrate the Engineering teams' security program effectiveness
  • Serve as a subject-matter expert and mentor for engineers on DevOps and DevSecOps principles and tooling
  • Lead incident response and forensic investigations related to DevSecOps environments

Preferred Qualifications

  • Certifications such as AWS Certified Security, Certified DevSecOps Professional, or CISSP
  • Experience with SAST/DAST tools like SonarQube or Burp Suite
  • Experience hardening SCM codebases using tools such as Legitify, Scorecard, or Allstar
  • Experience rolling out GenAI tools for Software Engineers with a Security-First approach
