YPO (Young Presidents’ Organization) is the world’s most influential community of chief executives, connecting more than 35,000 extraordinary business leaders across 142 countries. They are seeking a DevSecOps Engineer to integrate security and compliance into the software development lifecycle and ensure secure-by-design principles across their AI-first, mobile-native platforms.
Responsibilities:
- Architect, implement, and continuously improve secure-by-design controls across multi-cloud environments (AWS, Azure, GCP)
- Implement network segmentation, encryption, secrets management, API security, and container-platform hardening (Kubernetes, ECS, AKS)
- Develop and enforce Infrastructure as Code and policy-as-code guardrails (Terraform, CloudFormation, ARM, OPA, Sentinel, Azure Policy, AWS SCPs)
- Enable automated configuration validation and remediation
- Design and maintain security controls within CI/CD pipelines
- Integrate SAST, DAST, SCA, container scanning, and IaC scanning
- Implement automated security gates that block high-risk code from merging or deploying while keeping pipeline run times acceptable
- Lead threat modeling (STRIDE, MITRE ATT&CK), architecture reviews, and security design/code reviews
- Define secure coding standards for backend APIs, mobile applications, and AI-powered services
- Partner with developers to remediate vulnerabilities and improve triage accuracy
- Enforce and audit enterprise IAM and Zero Trust principles (RBAC, PAM, SSO, MFA, OAuth/OIDC, SAML)
- Conduct access reviews, entitlement governance, and privilege drift detection
- Own the vulnerability management lifecycle (asset discovery, continuous scanning, risk prioritization, remediation tracking)
- Coordinate penetration testing and risk register reporting
- Integrate telemetry into SIEM/SOAR platforms; define detection standards and support log ingestion strategy
- Conduct threat hunting, incident response, and forensic investigations
- Develop incident response playbooks, tabletop exercises, and cloud/pipeline-specific runbooks
- Collaborate with IT Security & Operations to document risks, track remediation progress, and support incident response
- Automate security operations, compliance validation, audit artifact generation, dashboards, and reporting (Python preferred)
- Operationalize compliance frameworks including: SOC 2, ISO 27001, NIST Cybersecurity Framework (NIST CSF), GDPR / CCPA
- Support audit readiness, third-party risk management, and governance processes
- Evaluate emerging security technologies and continuously improve automation and security maturity
Requirements:
- 5+ years of hands-on experience in security engineering (3+ in cloud infrastructure security)
- Experience securing cloud environments (AWS, Azure, and/or GCP)
- Experience integrating security tooling into CI/CD platforms (GitHub Actions, Azure DevOps, GitLab CI, Jenkins)
- Experience securing AI/ML infrastructure (model APIs, data pipelines, vector databases, inference endpoints)
- Experience monitoring LLM usage and auditing model access controls
- Experience with API abuse detection across the SDLC
- Strong experience with Terraform, CloudFormation, and ARM
- Familiarity with container security and Kubernetes environments
- Experience with SAST, DAST, SCA, and dependency scanning tools
- Proficiency in Python or equivalent scripting language
- Strong knowledge of IAM, encryption, OAuth/OIDC, RBAC, and secure cloud architecture principles
- Deep understanding of compliance and security frameworks including SOC 2, ISO 27001, and NIST CSF
- Exposure to mobile application security (iOS and/or Android), including API security and token management
- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
- Security certifications highly desirable (AWS, Azure, GCP, CISSP, CCSP, GIAC, etc.)