DevOps Engineer

Scope of Work: Servicepoint has a customer seeking a Sr. DevSecOps Engineer for a Direct Placement opportunity located in St. Cloud MN. The position is fully on site for the first 6 months; opportunity to transition to 1 day remote thereafter This resource will have the option to work out of the St. Louis Park location which is much more centrally located but client would really prefer a resource closer to headquarters in St. Cloud MN. The hours will be 8AM-5PM CST Monday-Friday.

The Senior DevSecOps Engineer is responsible for designing, implementing, and maintaining secure, scalable, and resilient development and operational processes across the organization. This role drives a security-first culture, ensuring that both existing and emerging platforms adhere to best practices in security, compliance, and reliability. In partnership with software development, architecture, QA, and operations teams, the Senior DevSecOps Engineer empowers continuous integration and delivery (CI/CD) pipelines, automates processes, and provides technical leadership in secure coding, vulnerability assessment, and remediation. This role also serves as a trusted advisor to leadership and key stakeholders, sharing best practices and emerging trends in DevSecOps.

Essential Duties and Responsibilities

· Lead the design, implementation, and maintenance of CI/CD pipelines that integrate security controls at every stage.

· Ensure automated testing, vulnerability scanning, and compliance checks are performed continuously.

· Establish and maintain a robust application and infrastructure security posture, including vulnerability scanning, threat modeling, and penetration testing.

· Collaborate with development teams to remediate identified security gaps promptly

· Architect and maintain secure cloud environments in Azure, AWS, or Google Cloud.

· Champion best practices for container orchestration, including Kubernetes security, network segmentation, and secure container images.

· Automation & Infrastructure as Code

· Advance automation efforts for provisioning, configuration management, and infrastructure deployment (IaC).

· Define and document standardized operating procedures (SOPs) for secure infrastructure deployment and maintenance.

· Collaboration & Leadership

· Partner with cross-functional teams—developers, QA, architects, and operations—to embed security and DevOps principles in the software development lifecycle (SDLC).

· Mentor and coach junior team members on DevSecOps best practices and emerging technologies.

· Implement centralized logging, monitoring, and alerting solutions to track system health and security events.

· Develop incident response processes and lead post-incident reviews to identify root causes and implement improvements.

· Ensure adherence to relevant security and regulatory standards (NIST CSF, SOC 2, ISO 27001, PCI-DSS, HIPAA, etc.).

· Develop and maintain security policies, standards, and guidelines in collaboration with management and other stakeholders.

· Keep abreast of emerging trends and technologies in DevSecOps, cloud security, and application security.

· Evaluate and integrate new tools, technologies, and processes to enhance security, reliability, and efficiency.

· Understands and consistently performs in accordance with COMPANY Mission, Vision, and Values.

· Support COMPANY' culture by aligning actions, behaviors, performance, and decisions in accordance with the Company's values as set forth in our All-Employee Competencies.

· Complete work responsibilities outside of normal business hours as needed and infrequent travel may be required.

· Perform other duties and responsibilities as assigned.

Qualifications:

· REQUIRED: A four-year degree in Computer Science, Software Engineering, Information Technology, or a related field.

· Five or more years of experience in DevOps, DevSecOps, or related roles.

· Deep knowledge of security tools and best practices, including vulnerability scanning, intrusion detection, and compliance frameworks (e.g., NIST CSF, SOC 2, ISO 27001, PCI-DSS, HIPAA).

· Strong background in cloud platforms (Microsoft Azure, AWS, or Google Cloud) with a focus on securing cloud infrastructure and services.

· Proficiency with containers (Docker, Kubernetes) and the secure configuration of containerized workloads.

· Experience with CI/CD pipelines (e.g., Jenkins, GitLab CI, GitHub Actions) and related automation tools.

· Familiarity with infrastructure-as-code tools (Terraform, Ansible, or CloudFormation) and their secure configurations.

· Experience with logging, monitoring, and alerting solutions (e.g., ELK Stack, Prometheus, Grafana) and best practices for security operations (SOC, SIEM, etc.).

· Strong understanding of application security (OWASP Top Ten, secure coding practices, SAST/DAST).

· Advanced analytical, conceptual, and creative problem-solving abilities.

· Ability to translate complex security or DevOps requirements into actionable solutions.

· Solid experience in generating standardized documentation for DevSecOps processes and best practices.

· Must be self-motivated, work independently, and be a team player amenable to a variety of work projects.

· Must maintain a high level of confidentiality.

· Must be able to demonstrate a proactive commitment to COMPANY corporate values and the success of all staff.

· Excellent interpersonal and communication skills (written, listening, and verbal).

· Willing and able to travel occasionally, including overnight travel ONLY WHEN REQUIRED AND

Interview Process:

1. Webex interview with HR

2. Interview with hiring mgr.

3. Interview with team and manager

4. Possibly final or may extend offer after third interview