Talent.com
DEVSECOPS & APPLICATION SECURITY
DEVSECOPS & APPLICATION SECURITYeTeam • Houston, TX, United States
DEVSECOPS & APPLICATION SECURITY

DEVSECOPS & APPLICATION SECURITY

eTeam • Houston, TX, United States
8 hours ago
Job type
  • Full-time
Job description

Key Responsibilities

  • Security by Design : Embed security requirements into CI / CD pipelines, infrastructure-as-code (IaC), and application architectures.
  • Automation & Tooling : Configure and maintain security scanning tools (SAST, DAST, SCA, container scanners) within automated build and deployment workflows.
  • Vulnerability Management : Triage, prioritize, and remediate vulnerabilities discovered in code, containers, and cloud environments; drive fixes and track metrics.
  • Incident Response Support : Assist in investigation of security incidents related to applications or infrastructure; write playbooks and run tabletop exercises.
  • Infrastructure Security : Implement and enforce secure configuration and hardening standards for cloud platforms (AWS, Azure, GCP) and Kubernetes clusters.
  • Policy & Compliance : Define, document, and enforce security policies, standards, and guidelines aligned with industry frameworks (OWASP, CIS Benchmarks, NIST).
  • Threat Modeling & Risk Assessment : Lead or participate in threat modeling sessions for new features; provide risk-based recommendations.
  • Training & Evangelism : Conduct security awareness workshops for developers and DevOps teams; champion "shift-left" security culture.

Required Qualifications

  • Experience : 5+ years in DevSecOps, cloud security, or application security roles.
  • Security Toolchain : Hands-on with static analysis (e.g., SonarQube, Fortify), dynamic analysis (e.g., ZAP, Burp Suite), software composition analysis (e.g., Snyk, Black Duck), and container scanning (e.g., Clair, Trivy).
  • CI / CD Integration : Expertise automating security gates in Jenkins, GitLab CI / CD, GitHub Actions, or equivalent.
  • Cloud & IaC : Proficiency with AWS / Azure / GCP security services, Terraform / CloudFormation, and Kubernetes security (PodSecurityPolicy, OPA / Gatekeeper).
  • Programming / Scripting : Strong skills in Python, Go, or Bash for automation and custom tool development.
  • Standards & Frameworks : Deep understanding of OWASP Top 10, CIS Benchmarks, NIST 800-53 / 800-190.
  • Vulnerability Management : Solid experience with vulnerability scanners (Nessus, Qualys) and issue-tracking systems.

    • Preferred Qualifications

  • Certifications : CISSP, CSSLP, GCP Professional Cloud Security Engineer, AWS Security Specialty, or equivalent.
  • DevOps Background : Prior hands-on experience in software development, infrastructure engineering, or platform engineering.
  • Container Security : Familiarity with service meshes (e.g., Istio), runtime protection tools (e.g., Falco), and supply chain security (e.g., Sigstore).
  • Threat Client & Red Teaming : Experience with penetration testing, threat intelligence feeds, or purple-team exercises.
    • Create a job alert for this search

    Application Security • Houston, TX, United States