DevSecOps Engineer

DevSecOps Engineer Contract Type:

Full Time Location:

Washington Industry:

IT Contact Name:

Katie Jreij Contact Phone:

Date Published:

01-May-2026 DevSecOps Engineer Fully remote (working EST)

Salary:

$128-170k The DevSecOps Engineer (Application Security) is a highly technical role responsible for embedding security into every stage of the software development lifecycle. This individual will focus on advancing application security practices, integrating security controls into CI/CD pipelines, and automating security tooling to strengthen secure development practices. The role requires strong expertise in application security, secure coding practices, and DevSecOps methodologies, along with a solid understanding of software development processes and foundational knowledge of infrastructure and operating systems. Key Responsibilities Build strong relationships with developers, product stakeholders, and agile teams to integrate security into application design and delivery (20%) Perform security testing and validation of application security controls across multiple initiatives (15%) Implement and enhance defensive security practices across applications and supporting infrastructure (15%) Support and enforce CI/CD security strategies in collaboration with engineering and platform teams (10%) Apply expertise in SAST, SCA, DAST, and Infrastructure-as-Code (IaC) scanning tools and methodologies (20%) Identify vulnerabilities through automated scanning and manual code review; drive remediation efforts (10%) Apply threat modeling techniques to strengthen application design and reduce risk (10%) Act as an escalation point for application security issues and support resolution efforts Develop and improve tools and services that enable developers to adopt security best practices efficiently Automate and streamline security controls within CI/CD pipelines Support "shift-left" security initiatives by embedding security early in the SDLC Apply foundational cloud security knowledge, including IAM, container security, and baseline hardening practices Perform other duties as assigned Required Qualifications Bachelor's degree (BA/BS) in Finance, Accounting, Business, Computer Science, or a related field, or equivalent professional experience 7+ years of experience in information technology, information security administration, or security operations Experience working in Agile environments, including Scrum and Kanban methodologies Strong understanding of container technologies (e.g., Docker) and container orchestration platforms (e.g., Kubernetes, Docker Swarm) Experience with infrastructure automation and configuration tools such as CloudFormation, Terraform, Ansible, and Jenkins Proficiency in securing Windows and Unix/Linux operating systems, endpoint applications, network protocols, and related infrastructure components Scripting experience in one or more of the following: Python, Bash, Perl, or PowerShell Solid understanding of application security principles and frameworks, including OWASP Top 10, CVSS scoring, MITRE ATT&CK, and the software development lifecycle (SDLC) Preferred Certifications CISSP GIAC certifications (e.g., GCSA, GWAPT) AWS Security Specialty or related certifications ...