DevSecOps Security Automation Engineer

Posted Today by 1763794033

Negotiable
Outside
Remote
USA

Summary: The role of a Security Automation Engineer focuses on enhancing security measures through automation, risk assessments, and vulnerability testing. The engineer will collaborate with various teams to integrate security best practices into the software development lifecycle and manage third-party dependencies. The position requires a strong background in security engineering and automation tools. The ideal candidate will also be responsible for maintaining documentation and generating reports on security metrics.

Key Responsibilities:

  • Investigate, monitor, and assess security risks associated with third-party dependencies, including base Docker images, libraries, and tools.
  • Conduct detailed assessments of security vulnerabilities related to third-party components and recommend effective mitigation strategies.
  • Develop and maintain a continuous testing process for exposed interfaces.
  • Identify vulnerabilities, prioritize remediation, and support development teams in fixing security issues.
  • Work closely with engineering, QA, and operations teams to integrate security best practices into the software development lifecycle (SDLC).
  • Provide technical guidance and security insights to cross-functional stakeholders.
  • Design and implement automated workflows for managing GitHub access, ensuring secure, efficient, and compliant user management.
  • Automate routine audit checks and integrate advanced tools to streamline and enhance the overall security audit process.
  • Maintain comprehensive documentation of security procedures, test results, risk assessments, and process improvements.
  • Generate clear, actionable reports on security metrics, vulnerabilities, and remediation progress.

Key Skills:

  • Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
  • 3+ years of experience in security engineering, with emphasis on automation, DevSecOps, and vulnerability management.
  • Hands-on experience with security tools and platforms, including GitHub, GitHub Actions, Docker, and SonarCloud.
  • Strong understanding of security best practices, risk mitigation strategies, and threat modeling.
  • Excellent analytical, troubleshooting, and problem-solving skills.
  • Ability to communicate complex technical concepts clearly to technical and non-technical audiences.
  • Experience with package management tools (e.g., Debian/apt, Maven, Python/pip).
  • Familiarity with AWS Cloud security, CI/CD pipelines, and DevSecOps methodologies.
  • Experience working in Agile environments and cross-functional collaboration.
  • Proficiency in scripting and automation (e.g., Python, Bash) for security workflows.
  • Relevant security certifications (e.g., Security+, GSEC, CEH, GCIH, AWS Security Specialty).

Salary (Rate): undetermined

City: undetermined

Country: USA

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Job Title: DevSecOps Security Automation Engineer
Location: Remote/Hybrid

Position Overview:

We are seeking a highly skilled Security Automation Engineer to strengthen our security posture by automating access control, enhancing audit efficiency, and performing comprehensive security and vulnerability assessments. In this role, you will develop continuous testing processes for exposed interfaces and evaluate third-party dependencies across a wide range of applications, including web and embedded systems.

The ideal candidate will design and implement scalable security solutions, perform risk assessments, and collaborate with cross-functional teams to ensure robust, proactive security across the organization.

Key Responsibilities:

Third-Party Dependency Evaluation
  • Investigate, monitor, and assess security risks associated with third-party dependencies, including base Docker images, libraries, and tools.

Security Risk Assessment
  • Conduct detailed assessments of security vulnerabilities related to third-party components and recommend effective mitigation strategies.

Vulnerability Testing & Triage
  • Develop and maintain a continuous testing process for exposed interfaces.
  • Identify vulnerabilities, prioritize remediation, and support development teams in fixing security issues.

Collaboration & Communication
  • Work closely with engineering, QA, and operations teams to integrate security best practices into the software development lifecycle (SDLC).
  • Provide technical guidance and security insights to cross-functional stakeholders.

Automate GitHub Access Control
  • Design and implement automated workflows for managing GitHub access, ensuring secure, efficient, and compliant user management.

Security Audit Efficiency
  • Automate routine audit checks and integrate advanced tools to streamline and enhance the overall security audit process.

Documentation & Reporting
  • Maintain comprehensive documentation of security procedures, test results, risk assessments, and process improvements.
  • Generate clear, actionable reports on security metrics, vulnerabilities, and remediation progress.

Required Qualifications:

  • Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
  • 3+ years of experience in security engineering, with emphasis on automation, DevSecOps, and vulnerability management.
  • Hands-on experience with security tools and platforms, including GitHub, GitHub Actions, Docker, and SonarCloud.
  • Strong understanding of security best practices, risk mitigation strategies, and threat modeling.
  • Excellent analytical, troubleshooting, and problem-solving skills.
  • Ability to communicate complex technical concepts clearly to technical and non-technical audiences.

Preferred Qualifications:

  • Experience with package management tools (e.g., Debian/apt, Maven, Python/pip).
  • Familiarity with AWS Cloud security, CI/CD pipelines, and DevSecOps methodologies.
  • Experience working in Agile environments and cross-functional collaboration.
  • Proficiency in scripting and automation (e.g., Python, Bash) for security workflows.
  • Relevant security certifications (e.g., Security+, GSEC, CEH, GCIH, AWS Security Specialty).