ABOUT THE POSITION
We are seeking a highly skilled and motivated DevSecOps Engineer to join our team. In this role, you will be responsible for integrating security practices into our DevOps processes, ensuring that security is embedded throughout the entire software development lifecycle (SDLC). You will work closely with development, operations, and security teams to identify and mitigate risks, implement security controls, and promote a culture of security-first thinking. This role reports directly to the Head of Product Security.
Key Responsibilities Include:
•Implement and manage security test tooling, ensuring integration into build pipelines to automate vulnerability detection and remediation.
•Roll out and manage third-party security tools, working closely with vendors to ensure seamless integration and functionality.
•Enable a secure software supply chain by implementing frameworks that ensure security is maintained across all dependencies, components, and third-party libraries.
•Design and implement a secure software factory, embedding security best practices in the build and deployment processes from the ground up.
•Perform security hardening of both the development pipelines and operational environments, ensuring systems are resilient against threats and vulnerabilities.
•Partner with development, DevOps, and operations teams to embed security into every phase of the software lifecycle and cloud infrastructure management.
\n
What will our ideal candidate bring to Fluence? - Bachelor's degree in computer science, information security, or related field.
- 3+ years of hands-on experience DevSecOps or security engineering roles.
- Relevant certifications (e.g., CISSP, CCSP, CEH, AWS Security Specialty or equivalent).
- Experience with security test tooling (SAST, DAST, SCA) and integrating them into agile environment and build pipelines.
- Strong experience in implementing and managing vendor security tools across various cloud platforms (AWS, GCP, Azure).
- Proficiency in cloud security and securing infrastructure through Infrastructure as Code (IaC).
- Container security knowledge (Docker, Kubernetes), with expertise in hardening containerized environments.
- Deep understanding of supply chain security frameworks and secure software development practices.
- Proficiency in automation and scripting (Python, Bash) to support security workflows.
\n