Job type: Contract (W2)
Duration: 12 months (scope for extension)
Location: Dallas (hybrid)
The role
We believe that security should be an enabler, not a blocker, which is why we’re building systems that empower developers to move fast and build securely. Our DevSecOps team plays a central role in this mission and we're looking for a DevSecOps Engineer to help us go further. In this role, you will secure our software supply chain, embed AppSec into our CI/CD pipelines and partner with engineering teams to drive smart, secure decisions earlier in the SDLC. As a DevSecOps Engineer, you will work at the intersection of security and engineering, embedding tools and processes to detect risk early and automate the right responses. This is a hands-on role, focused on driving adoption of modern AppSec tooling, triaging real-world vulnerabilities and creating fast, developer-friendly feedback loops.
Who are we looking for?
The ideal candidate will have the following skills and experience:
* Solid experience securing CI/CD pipelines and integrating AppSec tooling using platforms such as GitLab CI, Jenkins and GitHub Actions
* Working knowledge of SAST, SCA and DAST principles and tuning techniques to improve signal quality
* Familiarity with SBOM standards, such as CycloneDX or SPDX, and how they’re used to improve software transparency
* Experience scripting or building automation in Python, C#, Go or similar
* A strong grasp of container security, for example with Docker or Kubernetes, and of cloud infrastructure, such as AWS, Azure or GCP
* A collaborative, low-ego approach with strong written and verbal communication skills
* A growth mindset; you're excited to continuously evolve your knowledge and help others do the same
The below are beneficial:
* Experience with secure management and distribution of secrets using tools such as HashiCorp Vault or AWS Secrets Manager
* Operational knowledge of PKI and internal certificate lifecycles
* Secure artefact signing, provenance tracking or build pipeline hardening
Key responsibilities of the role include:
* Embedding and optimising SAST, SCA and DAST tools within CI/CD pipelines to catch issues early
* Triaging and contextualizing security findings, guiding developers toward practical, risk-based fixes
* Building automation and internal tooling to streamline how security results are collected, prioritised and acted upon
* Driving the creation, management and use of Software Bills of Materials (SBOMs) to improve visibility and traceability of dependencies
* Championing SDLC supply chain security, including dependency hygiene, provenance, artefact integrity and secure build environments
* Enabling teams with playbooks, education and tooling that make secure development the default path
* Collaborating cross-functionally with Platform and Product teams to evolve our security posture