Senior InfoSec Engineer (SecDevOps) / New York

We are seeking a highly skilled Senior InfoSec Engineer (SecDevOps) to strengthen the security posture of our development, cloud, and infrastructure environments. This role serves as a critical bridge between Security, Development, and Operations teams, ensuring that security is embedded throughout the software development lifecycle and cloud deployment processes.

The ideal candidate will possess strong expertise in cybersecurity, DevOps practices, cloud security, risk management, and automation. You will be responsible for implementing secure-by-design principles, enhancing CI/CD security, identifying and mitigating security risks, and promoting security best practices across engineering teams.

As a subject matter expert (SME), you will assess cybersecurity risks, evaluate security controls, support compliance initiatives, and contribute to the development of secure software delivery frameworks. This role requires hands-on technical experience combined with strategic thinking to support secure digital transformation and cloud-native application development.

Key Responsibilities

DevSecOps & Secure Development

• Design, implement, and maintain secure CI/CD pipelines that support rapid and secure software delivery.
• Integrate security controls throughout the Software Development Life Cycle (SDLC).
• Collaborate with development, infrastructure, and cloud engineering teams to embed security into development workflows.
• Implement security automation within build, deployment, and release processes.
• Promote secure coding practices and software security standards across engineering teams.

Security Assessment & Risk Management

• Conduct vulnerability assessments, risk analyses, and security reviews across applications, infrastructure, and cloud environments.
• Identify security weaknesses and recommend remediation strategies.
• Evaluate cybersecurity risks against established security frameworks, standards, and organizational policies.
• Perform threat modeling and security architecture reviews for new applications and infrastructure initiatives.
• Monitor risk exposure and provide recommendations aligned with business risk tolerance levels.

Cloud & Infrastructure Security

• Secure cloud environments across AWS, Azure, and hybrid infrastructures.
• Implement identity and access management (IAM), network security, encryption, and cloud governance controls.
• Review and enhance cloud security configurations and deployment architectures.
• Support container and Kubernetes security initiatives.
• Collaborate on security requirements for third-party vendors, integrations, and outsourced technology solutions.

Security Automation & Monitoring

• Automate security testing, compliance checks, and vulnerability scanning processes.
• Implement and maintain security monitoring and alerting solutions.
• Support incident detection, response, and remediation activities.
• Improve security operations through automation and workflow optimization.
• Develop security dashboards, reporting mechanisms, and compliance monitoring processes.

Compliance, Governance & Documentation

• Develop and maintain security policies, standards, procedures, and operational documentation.
• Support compliance initiatives related to industry standards and regulatory requirements.
• Document security findings, risk assessments, and remediation plans.
• Participate in internal and external security audits.
• Advocate for continuous security improvement across the organization.

Security Awareness & Leadership

• Provide security awareness training and guidance to engineering and business teams.
• Mentor developers and operations teams on secure development and deployment practices.
• Stay informed on emerging cybersecurity threats, vulnerabilities, and security technologies.
• Act as a security advisor for business initiatives and technology projects.
• Escalate critical security concerns and risks to leadership when necessary.

Required Skills

Security & DevSecOps Expertise

• Strong experience implementing DevSecOps principles and secure software delivery practices.
• Deep understanding of application security, infrastructure security, and cloud security concepts.
• Experience securing CI/CD pipelines and development environments.
• Knowledge of secure coding standards, software security testing, and vulnerability management.
• Experience with threat modeling, risk assessments, and security architecture reviews.

Cloud & Infrastructure Security

• Strong understanding of AWS, Azure, or multi-cloud security practices.
• Experience securing Kubernetes, Docker, and containerized environments.
• Knowledge of identity and access management (IAM), secrets management, and cloud governance.
• Familiarity with Infrastructure as Code (Terraform, CloudFormation, ARM Templates) security practices.
• Understanding of network security, encryption, and cloud-native security controls.

Professional Skills

• Strong analytical and problem-solving capabilities.
• Excellent communication and stakeholder management skills.
• Ability to balance security requirements with business objectives.
• Strong documentation and reporting abilities.
• Experience working with cross-functional technical teams.
• Ability to lead security initiatives and influence engineering practices.

Education

• Bachelor’s degree in Computer Science, Cybersecurity, Information Security, Information Technology, Software Engineering, or a related field.
• Master’s degree in Cybersecurity, Information Assurance, or related disciplines is an advantage.
• Equivalent combination of education and practical experience may be considered.