[Hiring] DevSecOps Engineer @Team Velocity

Role Description

We are seeking a seasoned Red Team Lead to spearhead offensive security operations and proactively identify vulnerabilities across our infrastructure and applications. This role will collaborate closely with our VP of Security & DevOps and interface with our SRE and DevOps teams to ensure robust security posture across all environments.

As the DevSecOps Engineer you will work alongside developers to bake in security early and support our DevOps/Platform engineers in securing pipelines and infrastructure. You will partner with QA/Testing teams to build security test cases, advise product owners on risks and compliance needs and act as a bridge to InfoSec for vulnerability management and audits.

Key Responsibilities

• Red Team:
  • Form, Lead, and Execute Red Team engagements simulating real-world attack scenarios.
  • Collaborate with SRE and DevOps teams to validate findings and recommend remediation strategies.
  • Manage full attack lifecycle operations: reconnaissance, exploitation, persistence, lateral movement, and exfiltration.
• Security by Design:
  • Integrate security requirements and controls into architecture, design, and coding practices.
• Code & Dependency Review:
  • Automate and conduct reviews of code, libraries, and dependencies to identify vulnerabilities.
• Threat Modeling & Risk Assessment:
  • Collaborate with engineers to assess potential attack vectors and recommend mitigations.
• Secure CI/CD Pipelines:
  • Implement static (SAST), dynamic (DAST), and dependency scanning tools into CI/CD pipelines.
• Cloud & Infrastructure Security:
  • Work with DevOps to secure Kubernetes, containers, secrets management, and cloud environments (AWS/GCP/Azure).

Qualifications

• Strong background in application security (OWASP, NIST, MITRE ATT&CK)
• Proficiency in one or more programming languages (C#, Python, Java, or JavaScript)
• Experience with CI/CD and DevSecOps tooling (SonarQube, Snyk, Veracode, GitHub Actions, etc.)
• Familiarity with container security (Docker, Kubernetes, Istio)
• Cloud security expertise (IAM, secrets management, network segmentation)
• Knowledge of regulatory/compliance frameworks relevant to the organization
• Experience with penetration testing or red teaming, a plus!
• Certifications (e.g., CISSP, OSCP, CEH, CCSK), a plus!
• Familiarity with zero-trust architectures, a plus!
• Hands-on with Infrastructure as Code (Terraform, Helm, Pulumi), a plus!

Benefits

• This is a full-time, salaried, remote position.
• Compensation commensurate on experience.
• Participation in company benefit offerings include medical, dental, vision, unlimited paid leave, 401(k) matching, wellness, and more.

Next Steps

If you meet the requirements, and are interested in applying for this role, please complete the online application, be sure to include a current resume and contact information. Eastern and Central Time Zones highly preferred. NO PHONE CALLS PLEASE.