
DevSecOps Engineer

Posted 11 hours 19 minutes ago by Arcus Search

Permanent
Full Time
Other
Moray, Dallas, United Kingdom, IV362
Job Description

Job type: Contract (W2)
Duration: 12 months (scope for extension)
Location: Dallas (hybrid)

The role

We believe that security should be an enabler, not a blocker, which is why we're building systems that empower developers to move fast and build securely. Our DevSecOps team plays a central role in this mission and we're looking for a DevSecOps Engineer to help us go further. In this role, you will secure our software supply chain, embed AppSec into our CI/CD pipelines and partner with engineering teams to drive smart, secure decisions earlier in the SDLC. As a DevSecOps Engineer, you will work at the intersection of security and engineering, embedding tools and processes to detect risk early and automate the right responses. This is a hands-on role, focused on driving adoption of modern AppSec tooling, triaging real-world vulnerabilities and creating fast, developer-friendly feedback loops.

Who are we looking for?

The ideal candidate will have the following skills and experience:

  • Solid experience securing CI/CD pipelines and integrating AppSec tooling using platforms such as GitLab CI, Jenkins and GitHub Actions
  • Working knowledge of SAST, SCA and DAST principles and tuning techniques to improve signal quality
  • Familiarity with SBOM standards - such as CycloneDX or SPDX - and how they're used to improve software transparency
  • Experience scripting or building automation in Python, C#, Go or similar
  • A strong grasp of container security (for example, with Docker or Kubernetes) and of cloud infrastructure such as AWS, Azure or GCP
  • A collaborative, low-ego approach with strong written and verbal communication skills
  • A growth mindset; you're excited to continuously evolve your knowledge and help others do the same

The below are beneficial:

  • Experience with secure management and distribution of secrets using tools such as HashiCorp Vault or AWS Secrets Manager
  • Operational knowledge of PKI and internal certificate lifecycles
  • Secure artefact signing, provenance tracking or build pipeline hardening

Key responsibilities of the role include:

  • Embedding and optimising SAST, SCA and DAST tools within CI/CD pipelines to catch issues early
  • Triaging and contextualising security findings, guiding developers toward practical, risk-based fixes
  • Building automation and internal tooling to streamline how security results are collected, prioritised and acted upon
  • Driving the creation, management and use of Software Bills of Materials (SBOMs) to improve visibility and traceability of dependencies
  • Championing SDLC supply chain security, including dependency hygiene, provenance, artefact integrity and secure build environments
  • Enabling teams with playbooks, education and tooling that make secure development the default path
  • Collaborating cross-functionally with Platform and Product teams to evolve our security posture