Senior DevSecOps Engineer

Overview

Glocomms is partnered with a leading power and energy firm to identify a Senior DevSecOps Engineer to support the build-out of secure, scalable cloud and application platforms. This individual will play a critical role in embedding security into the software development lifecycle, driving automation, and improving overall security posture across modern cloud environments.

Key Responsibilities

• Own and evolve the organization's DevSecOps strategy.
• Design, implement, and maintain security controls across cloud-native environments (Azure and AWS), ensuring alignment with industry frameworks and best practices.
• Build and enhance CI/CD pipelines using tools such as GitHub Actions, GitHub Enterprise, and Azure DevOps, with a focus on security automation and reliability.
• Lead the implementation of application security testing practices, including SAST, DAST, SCA.
• Drive vulnerability management and remediation efforts, partnering closely with engineering teams to ensure timely resolution and risk reduction.
• Develop and maintain Infrastructure as Code (IaC) and support GitOps workflows to enable consistent, automated, and secure deployments.
• Strengthen container and Kubernetes security, including container image scanning and runtime protections.
• Implement and manage cloud security posture management (CSPM) solutions to continuously monitor and improve cloud configurations.
• Oversee identity and access management (IAM) across platforms including Microsoft Entra ID and related tooling.
• Support detection and response initiatives, integrating security telemetry into tools such as Microsoft Defender and other platforms.
• Automate security processes and workflows using Python, PowerShell, Bash, or Go.
• Partner with cross-functional teams to perform code reviews, architecture reviews, and security tooling evaluations.
• Contribute to secure engineering practices and developer workflow optimization, promoting a security-first culture.

Required Qualifications

• Bachelor's degree in a related field with relevant hands-on experience.
• Strong scripting experience (Python, PowerShell, Bash, or Go).
• Experience building and maintaining CI/CD pipelines (GitHub, Azure DevOps).
• Experience with Infrastructure as Code (IaC) and secure deployment workflows.
• Experience securing containerized and Kubernetes environments.
• Strong cloud experience across Azure and AWS.
• Solid understanding of identity and access management.
• Experience supporting SOC 2 Type II and/or ISO 27001 controls.
• Strong documentation skills with ability to support audits and compliance.

Benefits

• Remote work environment
• Full medical, dental, vision insurance
• 401(K) Match