Senior DevSecOps Engineer
Indexed description
Primary Responsibilities
CI/CD Pipeline Security & Governance
- Design, build, and manage secure CI/CD pipelines using Azure DevOps and GitHub Advanced Security
- Implement and enforce security gates, policy-as-code controls, and approval workflows at every pipeline stage
- Integrate vulnerability scanning tools (SAST, DAST, SCA, container scanning) and aggregate findings into centralized reporting dashboards
- Operationalize security scanning across multiple tools (GitHub Advanced Security, SonarQube, etc.)
- Build automated workflows to correlate, deduplicate, and prioritize vulnerability data from disparate sources
- Implement Kyverno policies to enforce container image security, network policies, and runtime constraints
- Design and deploy Kubernetes Pod Security Standards, network policies, and RBAC configurations
- Manage container image scanning, signing, and attestation in Azure Container Registry (ACR)
- Lead the design and implementation of zero trust security principles across infrastructure and applications
- Implement workload identity and managed identity solutions in Azure for application-to-service authentication
- Design network segmentation, microsegmentation policies, and encrypted inter-service communication
- Identify, evaluate, and operationalize AI-powered security tools across the SDLC — code review assistants, automated triage agents, anomaly detection — establishing review patterns, prompt and policy controls, and audit trails appropriate to a regulated environment
- Define and enforce secure usage standards for AI coding assistants and agentic developer tools (data handling, secret-leak prevention, model and provider governance, validation of model output)
- Build internal automations using LLMs and MCP-style integrations to reduce toil in vulnerability triage, policy authoring, evidence collection for audits, and incident response
- 5+ years of software development, DevOps, or security engineering experience
- 5+ years of dedicated security or DevSecOps practice
- 3+ years of hands-on experience building and maintaining CI/CD pipelines at scale
- 3+ years of Kubernetes administration, security hardening, or platform engineering experience
- CI/CD Platforms: Deep expertise in Azure DevOps and/or GitHub Actions
- GitHub Security Suite: Hands-on background with GitHub Secret Protection (secret scanning and push protection) and GitHub Code Security (code scanning, Dependabot, security overview); experience tuning detections, triaging alerts, enforcing repository-level policies at scale, and integrating findings into pipeline gates
- Kubernetes: Expert-level knowledge of Kubernetes architecture, security, and operational management in AKS
- Container Security: Hands-on experience with container image scanning, signing, and registry security
- Policy Engines: Hands-on experience with Kyverno (or equivalent: OPA/Gatekeeper, Kubewarden)
- Azure Platform: Proficiency with Azure services including AKS, ACR, Key Vault, Azure Policy, Azure DevOps
- Scripting & Automation: Strong scripting skills in PowerShell, Bash, Python, or Go
- Infrastructure as Code: Strong Terraform skills including module design, state management, and policy testing; experience codifying security baselines as reusable
- AI Tooling: Hands-on experience using AI coding assistants (e.g., GitHub Copilot, Claude Code, Cursor) to accelerate secure development; comfort evaluating, integrating, and operating AI-assisted security tooling — AI-driven SAST, agentic vulnerability triage, MCP-based pipeline automations — with appropriate guardrails for a regulated environment
- Zero Trust Architecture: Hands-on design and implementation of zero trust models in production environments
- Supply Chain Security: Experience with SBOM generation, attestation, provenance
- Certifications: CKS, AZ-500, AWS Security, CCSK, CISSP
- Prior experience in banking, financial services, or other highly regulated industries
- 100% of applications scanned before production deployment; zero critical or high vulnerabilities in production pipeline
- Compliance with SLA for critical/high/medium/low vulnerability remediation
- Achieve advanced maturity in zero trust architecture implementation
- Maintain control effectiveness rating in regulatory examinations
All Locations:
Plano-Parkwood II
If any applicant is unable to complete an application or respond to a job opening because of a disability, please email us at [email protected] for assistance.
First United is an Equal Opportunity Employer. To the extent required by Federal or State law, First United does not discriminate in employment opportunities or practices on the basis of race, color, religion, sex, national origin, or any other characteristic protected by law.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search