Senior DevSecOps Engineer

Job Number: 25-04054

Use your skills where innovative technology solutions begin. ECLARO is looking for a Senior DevSecOps Engineer for our client in St. Cloud, MN.

ECLARO’s client is a leading technology solutions provider, collaborating with customers to manage their needs and achieve success in their business goals. If you’re up to the challenge, then take a chance at this rewarding opportunity!

Position Overview:

• The Senior DevSecOps Engineer is responsible for designing, implementing, and maintaining secure, scalable, and resilient development and operational processes across the organization.
• This role drives a security-first culture, ensuring that both existing and emerging platforms adhere to best practices in security, compliance, and reliability.
• In partnership with software development, architecture, QA, and operations teams, the Senior DevSecOps Engineer empowers continuous integration and delivery (CI/CD) pipelines, automates processes, and provides technical leadership in secure coding, vulnerability assessment, and remediation.
• This role also serves as a trusted advisor to leadership and key stakeholders, sharing best practices and emerging trends in DevSecOps.
  
  

Salary: $120000.00 - $150000.00/Year

Responsibilities:

• Lead the design, implementation, and maintenance of CI/CD pipelines that integrate security controls at every stage.
• Ensure automated testing, vulnerability scanning, and compliance checks are performed continuously.
• Establish and maintain a robust application and infrastructure security posture, including vulnerability scanning, threat modeling, and penetration testing.
• Collaborate with development teams to remediate identified security gaps promptly
• Architect and maintain secure cloud environments in Azure, AWS, or Google Cloud.
• Champion best practices for container orchestration, including Kubernetes security, network segmentation, and secure container images.
• Automation & Infrastructure as Code:
• Advance automation efforts for provisioning, configuration management, and infrastructure deployment (IaC).
• Define and document standardized operating procedures (SOPs) for secure infrastructure deployment and maintenance.
• Collaboration & Leadership:
• Partner with cross-functional teams developers, QA, architects, and operations to embed security and DevOps principles in the software development lifecycle (SDLC).
• Mentor and coach junior team members on DevSecOps best practices and emerging technologies.
• Implement centralized logging, monitoring, and alerting solutions to track system health and security events.
• Develop incident response processes and lead post-incident reviews to identify root causes and implement improvements.
• Ensure adherence to relevant security and regulatory standards (NIST CSF, SOC 2, ISO 27001, PCI-DSS, HIPAA, etc.).
• Develop and maintain security policies, standards, and guidelines in collaboration with management and other stakeholders.
• Keep abreast of emerging trends and technologies in DevSecOps, cloud security, and application security.
• Evaluate and integrate new tools, technologies, and processes to enhance security, reliability, and efficiency.
• Understands and consistently performs in accordance with Company Mission, Vision, and Values.
• Support Company' culture by aligning actions, behaviors, performance, and decisions in accordance with the Company's values as set forth in our All-Employee Competencies.
• Perform other duties and responsibilities as assigned.
  

Qualifications:

• A four-year degree in Computer Science, Software Engineering, Information Technology, or a related field.
• Five or more years of experience in DevOps, DevSecOps, or related roles.
• Deep knowledge of security tools and best practices, including vulnerability scanning, intrusion detection, and compliance frameworks (e.g., NIST CSF, SOC 2, ISO 27001, PCI-DSS, HIPAA).
• Strong background in cloud platforms (Microsoft Azure, AWS, or Google Cloud) with a focus on securing cloud infrastructure and services.
• Proficiency with containers (Docker, Kubernetes) and the secure configuration of containerized workloads.
• Experience with CI/CD pipelines (e.g., Jenkins, GitLab CI, and GitHub Actions) and related automation tools.
• Familiarity with infrastructure-as-code tools (Terraform, Ansible, or CloudFormation) and their secure configurations.
• Experience with logging, monitoring, and alerting solutions (e.g., ELK Stack, Prometheus, and Grafana) and best practices for security operations (SOC, SIEM, etc.).
• Strong understanding of application security (OWASP Top Ten, secure coding practices, SAST/DAST).
• Advanced analytical, conceptual, and creative problem-solving abilities.
• Ability to translate complex security or DevOps requirements into actionable solutions.
• Solid experience in generating standardized documentation for DevSecOps processes and best practices.
• Must be self-motivated, work independently, and be a team player amenable to a variety of work projects.
• Must maintain a high level of confidentiality.
• Must be able to demonstrate a proactive commitment to Company corporate values and the success of all staff.
• Excellent interpersonal and communication skills (written, listening, and verbal).
  
  

If interested, you may contact:

Lisa Pelletier

Lisa.Pelletier@eclaro.com

646-695-2949

Lisa Pelletier | LinkedIn

Equal Opportunity Employer: ECLARO values diversity and does not discriminate based on Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.