DevSecOps Engineer
+5 years
México LATAM
Remote/Full Time
Advanced
Description:
We are looking for a DevSecOps Engineer who will be responsible for strengthening application security and integrating modern DevSecOps practices across the development lifecycle. This includes identifying and remediating vulnerabilities, embedding security controls in CI/CD pipelines, and ensuring that security is built into every phase of software development.
The role involves close collaboration with development and operations teams to implement “security by design,” reduce risk exposure, and support secure and efficient software delivery.
What will you do?
- Identify, assess, and remediate security vulnerabilities across web, API, and cloud environments.
- Integrate and maintain security controls in CI/CD pipelines (SAST, DAST, SCA, container scanning, IaC security).
- Collaborate with engineering teams to embed secure coding practices and shift security left in the SDLC.
- Conduct secure code reviews, threat modeling, and application risk assessments.
- Automate security checks and develop scripts for enforcement within pipelines.
- Monitor, triage, and resolve findings from security tools and scanners.
- Stay current with security trends, frameworks, and emerging threats (OWASP, MITRE ATT&CK, NIST).
- Contribute to internal security guidelines, standards, and developer training.
Requirements:
- Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or equivalent experience.
- + 5-3 years of experience in DevSecOps, Application Security, or Secure Software Development.
- Strong programming skills in languages such as PHP, JavaScript, Python, or Java.
- Hands-on experience with CI/CD tools (GitHub Actions, GitLab CI/CD, Jenkins, CircleCI, etc.).
- Experience with SAST, DAST, SCA, IAST, and related application security tools.
- Understanding of cloud and container security best practices (e.g., Docker, Kubernetes).
- Strong knowledge of OWASP Top 10 and secure coding principles.
- Excellent communication skills for collaborating with developers and stakeholders.
Nice to have:
- Experience in penetration testing or code-level security assessments.
- Professional certifications (e.g., eJPT, OSWE, OSCP, CSSLP, GIAC GWAPT/GPCS).
- Experience with Infrastructure as Code (Terraform, CloudFormation) and Zero Trust implementations.
- Familiarity with functional programming languages (Clojure).