Salary
💰 $120,000 - $180,000 per year
Tech Stack
AWS, Azure, Cloud, Firewalls, Google Cloud Platform, Kubernetes, NoSQL, SQL, Terraform
About the role
- The Security team works within Engineering, on the Infrastructure team, to further develop our security practices, write and implement security policies, and advise on best practices while implementing tooling to protect the company and our remarkable customers.
- Manage and maintain edge and bot protection (e.g., WAF, CDN, DDoS mitigation).
- Perform security-focused infrastructure reviews for new product releases and architectural changes.
- Implement and maintain monitoring and alerting tools to detect cloud and container-related vulnerabilities and misconfigurations.
- Collaborate with DevOps and Engineering teams to embed security into CI/CD pipelines and deployment processes without slowing down delivery.
- Partner with Application Security and Engineering to implement security controls on opportunities identified during Threat Modeling.
- Lead initiatives around infrastructure-as-code (IaC) security and runtime protection to automate security controls and hardening.
- Assist with threat modeling and risk assessments, and provide security guidance during the development lifecycle.
- Collaborate with incident response teams, offering expert advice on cloud-related security issues to help resolve incidents quickly.
- Develop tooling or automation to support proactive remediation and continuous security validation.
- Track and report DevSecOps KPIs, such as mean time to remediate, security control coverage, and vulnerability trends.
Requirements
- 3-5 years in DevSecOps, Security Engineering, or similar roles
- Expertise with cloud platforms (GCP, AWS, Azure) and container orchestration (e.g., Kubernetes, ECS)
- Experience with cloud and container security tooling
- Strong understanding of WAFs, bot mitigation, API gateways, and CDN security features
- Proven experience performing secure design and architecture reviews
- Proficiency with IaC tools (Terraform, OpenTofu, Helm, etc.) and integrating security scanners into pipelines
- Extensive hands-on experience with Terraform, OpenTofu, and/or Crossplane
- Solid understanding of CI/CD principles and experience with GitHub Actions and ArgoCD
- Solid understanding of networking principles (e.g., VPCs, load balancing, firewalls) in a cloud environment
- Knowledge of database management (SQL and NoSQL)
- Relevant certifications (e.g., Kubernetes and Cloud Native Security Associate, Certified Kubernetes Security Specialist, Google Professional Cloud Security Engineer, AWS Certified DevOps Engineer, AWS Certified Security - Specialty, Certified Kubernetes Administrator)