What are the responsibilities and job description for the DevSecOps Engineer position at FundGuard?
We are seeking an experienced DevSecOps Engineer to join our CloudOps team. This is a dedicated role where you will independently drive the implementation and upkeep of security practices across our development and operations processes. You'll collaborate closely with both the development and operations teams to ensure our cloud infrastructure and applications meet security requirements, while supporting efficient and reliable delivery.
KEY RESPONSIBILITIES:
● Design, implement, and maintain security controls across our cloud environments using CNAPP, CSPM, and CWPP solutions
● Lead security automation initiatives within CI/CD pipelines
● Perform security assessments, vulnerability management, and remediation
● Implement and manage cloud security tools and services
● Develop and maintain security documentation and policies
● Collaborate with development teams to integrate security early in the development lifecycle
● Monitor and respond to security events and incidents
● Stay current with emerging security threats and best practices
Requirements:
● 5 years of experience in DevSecOps, Security Engineering, or similar roles
● Strong experience with cloud security services in AWS and/or Azure environments
● Working knowledge of Cloud Native Application Protection Platforms (CNAPP), Cloud Security Posture Management (CSPM), and Cloud Workload Protection Platforms (CWPP)
● Hands-on experience with security tools such as Netskope, Orca/Wiz Security (CNAPP/CSPM), CrowdStrike (CWPP), Snyk, StackHawk DAST, and KnowBe4
● Knowledge of container security and Kubernetes (MUST)
● Experience implementing security in CI/CD pipelines, including SAST/SCA and DAST tools
● Experience coordinating with third-party vendors for security audits and penetration testing, including managing remediation efforts and implementing findings
● Proficiency in scripting languages (Python, Bash)
● Understanding of compliance frameworks (SOC1/2, ISO27001, GDPR, DORA, etc.)
● Ability to work autonomously and to drive results
● Strong analytical and problem-solving skills
● Excellent communication and collaboration abilities
● MUST be willing to work on-site in a hybrid model
● Permanent U.S. work authorization REQUIRED