DevSecOps Engineer (Application Security Focus)

  • Experience: +5 years
  • Location: México, LATAM
  • Contract: Remote/Full Time
  • English: Advanced

Description:

We are seeking a highly skilled DevSecOps and Application Security Engineer responsible for strengthening application security and integrating advanced DevSecOps practices throughout the full software development lifecycle. This role ensures security is deeply embedded in both pipeline automation and application development, reducing risk exposure while enabling secure, efficient delivery.

What will you do?

  • Lead application security efforts by identifying, assessing, and remediating security vulnerabilities in applications, APIs, and cloud environments.
  • Integrate, maintain, and automate security controls in CI/CD pipelines (including SAST, DAST, SCA, IAST, container scanning, and IaC security).
  • Conduct secure code reviews, threat modeling sessions, and application risk assessments with engineering teams.
  • Collaborate with development, operations, and security teams to embed secure coding practices and shift security left in the SDLC.
  • Automate security checks and build scripts for enforcement within pipelines and development workflows.
  • Monitor, triage, and remediate findings from security tools, scanners, and runtime analyses.
  • Partner with teams to implement application security frameworks and best practices (OWASP Top 10, threat modeling, secure architecture patterns).
  • Stay informed of the latest application security and DevSecOps trends, threats, and frameworks; contribute to internal security guidelines, standards, and training.

Requirements:
  • Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or equivalent experience.
  • +5 years of experience in DevSecOps, Application Security, or Secure Software Development.
  • Strong programming skills in languages such as PHP, JavaScript, Python, or Java.
  • Experience working with AWS services and cloud security best practices.
  • Hands-on experience with CI/CD tools (GitHub Actions, GitLab CI/CD, Jenkins, CircleCI, etc.).
  • Experience with SAST, DAST, SCA, IAST, and related application security tools.
  • Understanding of cloud and container security best practices (e.g., Docker, Kubernetes).
  • Strong knowledge of OWASP Top 10 and secure coding principles.
  • Excellent communication skills for collaborating with developers and stakeholders.
Nice to have:
  • Experience in penetration testing or code-level security assessments.
  • Professional certifications (e.g., eJPT, OSWE, OSCP, CSSLP, GIAC GWAPT/GPCS).
  • Experience with Infrastructure as Code (Terraform, CloudFormation) and Zero Trust implementations.
  • Familiarity with functional programming languages (e.g., Clojure).