YPO is a global organization focused on developing leaders. They are seeking a DevSecOps Engineer to integrate security and compliance into the software development lifecycle and CI/CD pipelines, ensuring secure-by-design principles are embedded across their platforms.
Responsibilities:
- Architect, implement, and continuously improve secure-by-design controls across multi-cloud environments (AWS, Azure, GCP), including network segmentation, encryption, secrets management, secure APIs, and container platforms (Kubernetes, ECS, AKS)
- Develop and enforce Infrastructure as Code and policy-as-code guardrails (Terraform, CloudFormation, ARM, OPA, Sentinel, Azure Policy, AWS SCPs) with automated configuration validation and remediation
- Design and maintain security controls within CI/CD pipelines, integrating SAST, DAST, SCA, container and IaC scanning, and automated security gates to prevent high-risk code while optimizing pipeline performance
- Lead threat modeling (STRIDE, MITRE ATT&CK), architecture reviews, and security design/code reviews to mitigate risk prior to deployment
- Define and promote secure coding standards for backend APIs, mobile applications, and AI-powered services; partner with developers to remediate vulnerabilities and improve triage accuracy
- Enforce and audit enterprise IAM and Zero Trust principles (RBAC, PAM, SSO, MFA, OAuth/OIDC, SAML), including access reviews, entitlement governance, and privilege drift detection
- Own the vulnerability management lifecycle, including asset discovery, continuous scanning, risk-based prioritization, remediation tracking, penetration testing coordination, and risk register reporting
- Integrate application and cloud telemetry into SIEM/SOAR platforms; define detection standards, support log ingestion strategy, conduct threat hunting, and assist with incident response and forensic investigations
- Develop and maintain incident response playbooks, tabletop exercises, and cloud/pipeline-specific runbooks
- Cooperate with the IT Security & Operations team to document risks within the risk register and to track remediation progress and incident response activities
- Partner with Cloud Engineering teams to secure infrastructure and services
- Automate security operations, compliance validation, audit artifact generation, dashboards, and reporting using scripting (Python preferred)
- Operationalize compliance frameworks (SOC 2, ISO 27001, NIST CSF, GDPR, CCPA), support audit readiness and third-party risk management, and ensure alignment with internal governance and change management standards
- Evaluate emerging security technologies and continuously improve automation and security maturity
Requirements:
- 5+ years of hands-on experience in security engineering, with at least 3 years focused on cloud infrastructure security (AWS, Azure, and/or GCP)
- Experience integrating security tooling into CI/CD platforms (GitHub Actions, Azure DevOps, GitLab CI, Jenkins, etc.)
- Experience securing AI/ML infrastructure, including model APIs, data pipelines, vector databases, and inference endpoints
- Experience with AI technologies, including the ability to monitor LLM usage, audit model access controls, etc.
- Experience with API abuse detection across the entire SDLC
- Strong experience with IaC tools (Terraform, CloudFormation, ARM)
- Familiarity with container security and Kubernetes environments
- Experience with SAST, DAST, SCA, and dependency scanning tools
- Proficiency in Python or equivalent scripting language
- Strong knowledge of IAM, encryption, OAuth/OIDC, RBAC, and secure cloud architecture principles
- Understanding of compliance & security frameworks (SOC 2, ISO 27001, NIST)
- Exposure to mobile application security on native iOS and/or Android platforms, including API security, token management, and mobile threat defense
- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
- Security certifications highly desirable (AWS, Azure, GCP, CISSP, CCSP, GIAC, etc.)