We are seeking an experienced Senior DevSecOps Engineer with a strong background in automation, security-first engineering, application support, and vulnerability management within a regulated enterprise environment. The ideal candidate brings deep expertise in shift-left security practices, container orchestration, CI/CD pipeline engineering, and the ability to embed security controls directly into the software delivery lifecycle. A solid foundation in scripting, hands-on troubleshooting, and comfort operating in a fast-paced Agile environment are essential.
Key Responsibilities
Design, build, and maintain CI/CD pipelines using GitHub Actions (reusable/caller workflow pattern) and Harness CD (rolling, canary, and blue-green deployment strategies).
Implement event-driven deployment triggers (e.g., Kafka EDA bus integration between CI and CD).
Champion shift-left security by embedding SAST, SCA, secret scanning, and code quality gates at PR time, ensuring vulnerabilities are caught before merge, not after deployment.
Integrate and manage Checkmarx (SAST), Black Duck (SCA/license compliance), SonarQube (code quality/security hotspots), and GitHub Secret Scanning into CI pipelines as hard-gate merge checks.
Perform container image scanning using Prisma Cloud and Artifactory Xray; triage and remediate OS-level and application-layer CVEs.
Implement and enforce artifact signing (GPG) and integrity verification as part of the release pipeline.
Manage vulnerability lifecycle from scan ingestion through ServiceNow AVR (Application Vulnerability Repository) to remediation closure.
Partner with cross-functional teams to improve system reliability, performance, and deployment workflows.
Collaborate with AppSec and SOC teams on findings from Splunk Enterprise Security rules and AppDynamics threat detection (OWASP attack patterns).
Deploy, manage, and troubleshoot workloads on OpenShift Container Platform (OCP) across multi-data-center environments (DEV, UAT, PROD, DR).
Author and maintain Helm charts with environment-specific value overlays, including templates for Deployments, StatefulSets, Services, Ingress/Routes, HPA, PodDisruptionBudgets, and NetworkPolicies.
Manage Istio service mesh configurations for canary traffic shifting and mTLS enforcement.
Automate TLS/mTLS certificate lifecycle using Venafi + cert-manager with auto-renewal policies.
Build and maintain monitoring stacks using Splunk, Prometheus, Grafana, and AppDynamics for APM, error tracking, and performance baselines.
Troubleshoot application issues, resolve incidents, and manage ticket requests across Jira projects in a timely manner.
Develop and maintain automation scripts using Python, Bash/Shell, PowerShell, or Perl.
Contribute to Agile ceremonies and participate in continuous improvement initiatives.
Required Qualifications
10+ years of overall IT experience, including 5+ years as a DevOps/DevSecOps Engineer.
Strong hands-on experience with GitHub Actions, building reusable workflows, composite actions, and matrix strategies for multi-language CI pipelines.
Hands-on experience with Harness CD or equivalent enterprise CD platform (pipeline-as-code, environment promotion, approval gates, rollback strategies).
Production experience operating OpenShift Container Platform (OCP) or Kubernetes, including Helm chart authoring, namespace administration, RBAC, SCC enforcement, and troubleshooting pod/node issues.
Deep understanding of shift-left security tooling: SAST (Checkmarx or equivalent), SCA (Black Duck/Snyk), secret scanning, and container image scanning (Prisma Cloud/Trivy/Xray).
Proficiency in at least two scripting languages: Python, Bash/Shell, PowerShell, or Perl.
Experience with Java-based environments (Spring Boot, Gradle) and SQL-driven systems (Oracle preferred).
Hands-on experience with HashiCorp Vault or equivalent secrets management platform.
Demonstrated ability to troubleshoot complex, multi-tier application issues across containers, networking, databases, and middleware.
Strong understanding of GitFlow branching strategies, pull request workflows, mandatory peer review, and code coverage enforcement.
Strong communication skills and experience working in an Agile development environment.
Preferred Qualifications
Experience in financial services, banking, or other regulated industries (PCI-DSS, SOX, AML/KYC compliance awareness).
Exposure to AI/ML technologies or Python-based automation.
Familiarity with JFrog Artifactory for artifact management, internal registry proxying, and Xray policy enforcement.
Hands-on experience with Splunk (log analysis, ES correlation rules) or Grafana/Prometheus for observability.
Experience contributing to governance-as-code frameworks or platform engineering teams.
Familiarity with CI/CD pipelines, cloud platforms, or containerization tools.
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Other
Industries: IT Services and IT Consulting
Company: Veracity Software Inc