Search Open Jobs

All GTN W2 consultants get full benefits. Learn more.

So sorry, this position is no longer available. Please go ahead and submit your application. We may have other positions that would be the perfect fit for you. Alternatively, you may want to apply to one of the following related jobs:

Senior DevSecOps Engineer

Houston, TX

Employment Type: Contract To Hire Job Number: 27304 Pay Rate: $60 - $80 Remote Friendly?: Fully Remote (can be located anywhere)

Job Description

Position Overview:
We are hiring a Senior DevSecOps Engineer to lead security integration across our entire software development lifecycle. As a senior team member, you will drive strategy, set standards, and implement robust, scalable security practices that ensure our development, infrastructure, and operations remain secure and compliant.

You will work closely with engineering, architecture, cloud, and security teams to implement secure-by-default solutions, build developer guardrails, and lead architecture security assessments (ASA) for mission-critical systems. This role demands deep technical expertise, strategic thinking, strong communication skills, and the ability to influence secure design and delivery at scale.
Key Responsibilities: Strategic & Leadership Responsibilities
  • Define and champion the DevSecOps strategy and roadmap to align security with development velocity.
  • Mentor and guide engineers across Dev, Sec, and Ops on secure design, automation, and risk-based decision-making.
  • Lead threat modeling and architectural risk assessments for new products and major changes.
  • Establish metrics and KPIs for DevSecOps success and drive continuous improvement.
Core Technical Responsibilities
  • Shift Left Security: Embed security controls and tools into early-stage development workflows (IDE, code review, pre-commit hooks).
  • CI/CD Security Automation: Integrate security scanning (SAST, DAST, SCA) directly into CI/CD pipelines using tools like GitHub Actions, GitLab CI, or Jenkins.
  • Infrastructure as Code (IaC): Harden cloud infrastructure via IaC (Terraform, CloudFormation), with automated policy enforcement.
  • Security Testing: Implement and manage static and dynamic analysis tools to ensure secure code across repositories and services.
  • Policy as Code: Define and enforce organizational security policies using frameworks like OPA (Open Policy Agent), Sentinel, or custom rulesets.
  • Automated Security: Build automated pipelines for vulnerability scanning, compliance checks, and secret detection.
  • Continuous Monitoring & Logging: Deploy monitoring solutions for real-time threat detection (e.G., GuardDuty, CloudTrail, SIEM tools).
  • Architecture Diagrams: Create and maintain high-quality architecture and security diagrams for all commercial software platforms and systems.
  • Guardrails & Governance: Develop developer-facing security guardrails, including pre-approved patterns and automated feedback mechanisms.
  • Architecture Security Assessments (ASA): Lead ASA reviews for all significant changes, ensuring secure-by-design implementation.
  • Threat Modeling: Drive proactive threat modeling exercises across products and platforms.
Operational Security Focus
  • Web Application Firewalls (WAF): Design and maintain WAF rules and architecture (e.G., AWS WAF, Cloudflare).
  • API Gateway Security: Secure APIs at the gateway level with authentication, rate limiting, and input validation (e.G., AWS API Gateway, Kong, Apigee).
  • Inline Source Code Scanning: Integrate IDE plugins or Git hooks to scan code in real time and reduce feedback cycles.
Required Qualifications:
  • 6+ years of hands-on experience in DevSecOps, Application Security, or Cloud Security engineering roles.
  • Deep understanding of secure software development, DevOps principles, and cloud-native architectures.
  • Proven experience with CI/CD tools and security automation.
  • Strong scripting and development skills in languages such as Python, Go, or Bash.
  • Experience designing and operating secure cloud environments (AWS, Azure, GCP).
  • Proficiency with IaC and configuration management tools (Terraform, Ansible, CloudFormation).
  • Strong knowledge of container security and orchestration tools (e.G., Kubernetes, Docker, Helm).
  • Demonstrated experience with enterprise security tooling for scanning, monitoring, and policy enforcement.
  • Skilled in creating detailed technical diagrams, security artifacts, and documentation.
  • Strong written and verbal communication skills to influence engineering and leadership teams.
Preferred Qualifications:
  • Industry certifications: CISSP, CSSLP, OSCP, GCP/AWS/Azure Security Specialist, or equivalent.
  • Experience with policy-as-code frameworks (OPA/Rego, HashiCorp Sentinel).
  • Hands-on experience with secrets management solutions (e.G., Vault, AWS Secrets Manager).
  • Familiarity with regulatory and compliance standards (SOC 2, ISO 27001, HIPAA, PCI-DSS).
  • Previous experience conducting red team/blue/purple team exercises or penetration testing or equivalent.
Apply Online

Send an email reminder to:

Share This Job:

Related Jobs:

Login to save this search and get notified of similar positions.

About Houston, TX

Discover exciting job opportunities in the vibrant region around Houston, Texas! Known for its thriving economy, diverse industries, and endless growth prospects, Houston offers an enticing landscape for career-minded individuals. With world-class museums like the Museum of Fine Arts and a rich culinary scene showcasing Tex-Mex delights, BBQ joints, and food trucks serving up local flavors, Houston is a melting pot of culture and creativity. Home to the renowned Space Center Houston, the historic Astrodome, and professional sports teams like the Rockets and the Astros, this region exudes energy and excitement. Embrace the charm of this dynamic area while exploring job listings that could lead you to a fulfilling career right here in Houston!