Job description

Role: Application Security Architect with strong DevSecOps Location: NJ/Charlotte (Day 1 onsite) Job Type: Full Time Key Responsibilities • Assess the architecture, controls, processes and deployments of secure CI/CD pipelines • Assess current integrations of security controls and automation in the development workflows • Collaborate with development, operations, and security teams to understand the security best practices and compliance standards • Review the adoption of secure coding practices and their effectiveness • Evaluate potential options for automating security checks, integrating security tools and controls, and ensuring security throughout the development lifecycle • Strategize and develop plans to modernize pipelines and remove manual processes Required Skills & Qualifications • Proven hands-on experience in designing and securing DevOps pipelines and security engineering roles • Expertise in cloud technologies, automation tools, security controls, and a strong understanding of security frameworks and compliance standards • Proven experience working with development, operations, and security teams to integrate security practices into the development lifecycle • Strong understanding of CI/CD tools (e.g., Jenkins, GitLab CI, GitHub Actions, Azure DevOps). • Working knowledge in branching strategy and development lifecycle management. • Expertise in containerization and orchestration (e.g., Docker, Kubernetes). • Proficiency in infrastructure as code (IaC) tools (e.g., Terraform, Ansible, CloudFormation). • Deep knowledge of security tools and practices (e.g., SAST, DAST, SCA, secrets management). • Experience with cloud platforms (AWS, Azure, GCP) and their security services. • Strong understanding on secure development lifecycle framework, secure code practice and OWASP Top10 vulnerabilities and remediation. • Good knowledge of scripting skills (e.g., Python, Bash, PowerShell). • Familiarity with compliance frameworks (e.g., NIST, ISO 27001, SOC 2). Preferred Qualifications • Certifications: CISSP, CCSP, or equivalent. Azure, AWS or GCP certification (Security and Devops)

Requirements