BECU is a financial institution with a commitment to serving its members and communities. They are seeking a Sr Cybersecurity DevSecOps Engineer to integrate security practices into the software delivery lifecycle, secure CIAM platform configurations, and collaborate with various teams to operationalize security controls across CI/CD pipelines.
Responsibilities:
- Guide developers and engineers on secure engineering practices and help support adoption of security best practices
- Contribute to roadmap and strategy development for platform and infrastructure components
- Secure configuration and deployment of SaaS CIAM environments. Validate tenant configurations against enterprise security standards
- Ensure that security practices are embedded into the software development lifecycle (SDLC) from design through deployment
- Ensure that security checks are consistently applied and that vulnerabilities are identified and addressed early in the development process
- Develop clear security architecture documentation, data flow diagrams, and process artifacts
- Lead the design and implementation of secure infrastructure using Infrastructure as Code (IaC) tools such as Terraform, Ansible, or Kubernetes to create and manage infrastructure that is both scalable and secure
- Build tools, scripts, and policy as code solutions to automate security enforcement across CI/CD pipelines
- Define logging, monitoring, and alerting requirements to strengthen detection and operational response
- Support GDPR, HIPAA, and internal compliance requirements across CIAM systems and workflows
- Conduct risk assessments and implement controls that reduce exposure across delivery processes
- Promote shared responsibility for security across development and operations teams
- Identify opportunities to enhance security posture, tooling efficiency, and platform resilience
- Provide on-call support as needed and participate in the Security Incident Response Team to ensure quick resolution of security events
Requirements:
- Bachelor's degree in computer science or a related field, or equivalent experience
- 5+ years of experience in DevSecOps, security engineering, or related discipline, including experience supporting or leading engineering teams
- Proficient in problem solving, leadership, and communication skills
- Knowledge of identity and authentication concepts (OAuth2, OIDC, SAML, token-based authentication, session security, API authorization)
- Knowledge of security principles such as threat modeling, risk assessment, and vulnerability management
- Ability to stay current with emerging technologies through work experience or continued learning
- Advanced scripting proficiency (Python, Bash)
- Experience with CI/CD platforms such as Jenkins or GitLab CI
- Knowledge of cloud platforms (AWS, Azure, GCP) and core network/application security principles
- Familiarity with security frameworks such as NIST or ISO 27001
- Experience securing SaaS or cloud native platforms
- Experience working in Agile environments