DevSecOps Engineer

Posted 3 Days Ago
Hiring Remotely in US
Remote
Senior level
Other
The Role
The DevSecOps Engineer integrates security into the software lifecycle and CI/CD pipelines, ensuring secure cloud infrastructures and compliance while optimizing engineering velocity.

POSITION PURPOSE

The DevSecOps Engineer integrates security and compliance into the software development lifecycle, CI/CD pipelines, application workflows and cloud infrastructure. This role ensures secure-by-design principles are embedded across YPO’s global, AI-first, mobile-native platforms, protecting confidentiality, integrity, and availability while enabling engineering velocity.

PRIMARY RESPONSIBILITIES

  • Architect, implement, and continuously improve secure-by-design controls across multi-cloud environments (AWS, Azure, GCP), including network segmentation, encryption, secrets management, secure APIs, and container platforms (Kubernetes, ECS, AKS).

  • Develop and enforce Infrastructure as Code and policy-as-code guardrails (Terraform, CloudFormation, ARM, OPA, Sentinel, Azure Policy, AWS SCPs) with automated configuration validation and remediation.

  • Design and maintain security controls within CI/CD pipelines, integrating SAST, DAST, SCA, container and IaC scanning, and automated security gates to prevent high-risk code while optimizing pipeline performance.

  • Lead threat modeling (STRIDE, MITRE ATT&CK), architecture reviews, and security design/code reviews to mitigate risk prior to deployment.

  • Define and promote secure coding standards for backend APIs, mobile applications, and AI-powered services; partner with developers to remediate vulnerabilities and improve triage accuracy.

  • Enforce and audit enterprise IAM and Zero Trust principles (RBAC, PAM, SSO, MFA, OAuth/OIDC, SAML), including access reviews, entitlement governance, and privilege drift detection.

  • Own the vulnerability management lifecycle, including asset discovery, continuous scanning, risk-based prioritization, remediation tracking, penetration testing coordination, and risk register reporting.

  • Integrate application and cloud telemetry into SIEM/SOAR platforms; define detection standards, support log ingestion strategy, conduct threat hunting, and assist with incident response and forensic investigations.

  • Develop and maintain incident response playbooks, tabletop exercises, and cloud/pipeline-specific runbooks.

  • Cooperate with the IT Security & Operations team to document risks within the risk register, track remediation progress and incident response.

  • Partner with Cloud Engineering teams to secure infrastructure and services.

  • Automate security operations, compliance validation, audit artifact generation, dashboards, and reporting using scripting (Python preferred).

  • Operationalize compliance frameworks (SOC 2, ISO 27001, NIST CSF, GDPR, CCPA), support audit readiness and third-party risk management, and ensure alignment with internal governance and change management standards.

  • Evaluate emerging security technologies and continuously improve automation and security maturity.

SKILLS

  • Ability to work collaboratively in a multi-cultural organization with international members, helping them achieve excellence in voluntary roles for YPO initiatives.  

  • Excellent interpersonal skills, including strong diplomacy skills with the ability to build meaningful relationships with all levels of associates, members and vendors. Adaptable, insightful, empathetic and reliable. Great sense of humor and humility.  

  • Resourceful and able to work independently with initiative and common sense. Effective time management, organization and prioritization skills with the ability to focus on varied projects simultaneously.  

  • Possesses a distinct global mindset, sensitive to local and international customs and protocols.   

  • Demonstrate empathy through active listening and asking the right questions to find the source of an issue.  

  • Able to identify problems, research alternatives, provide solutions and/or resolve issues in a timely manner. Anticipates member/internal client needs and delivers with clarity.  

  • Analytical thinker with the ability to influence and guide processes with appropriate approach and execution. Natural curiosity and desire to learn more; proficiency and interest in applying new technologies and tools.

  • Excellent verbal and written communication skills, including proofreading, with a meticulous attention to detail. Adjusts communication style appropriately to the audience.

  • Professional presence, appearance, and stature to interact easily with YPO members, C-level executives and peers at all levels within the organization.   

  • Strong ability to translate complex security risks into clear business decisions.

  • Demonstrated ability to work collaboratively across product, engineering, and global teams.

  • Analytical thinker with strong architectural judgment and risk-based decision making.

  • High degree of discretion and integrity in handling confidential information.

  • Ability to operate independently in fast-moving, ambiguous environments.

EXPERIENCE/BACKGROUND

  • 5+ years of hands-on experience in security engineering, with at least 3 years focused on cloud infrastructure security (AWS, Azure, and/or GCP).

  • Experience integrating security tooling into CI/CD platforms (GitHub Actions, Azure DevOps, GitLab CI, Jenkins, etc.).

  • Experience securing AI/ML infrastructure, including model APIs, data pipelines, vector databases, and inference endpoints.

  • Experience with AI technologies, ability to monitor LLM usage, audit model access controls, etc.

  • API abuse detection across the entire SDLC.

  • Strong experience with IaC tools (Terraform, CloudFormation, ARM).

  • Familiarity with container security and Kubernetes environments.

  • Experience with SAST, DAST, SCA, and dependency scanning tools.

  • Proficiency in Python or equivalent scripting language.

  • Strong knowledge of IAM, encryption, OAuth/OIDC, RBAC, and secure cloud architecture principles.

  • Understanding of compliance & security frameworks (SOC 2, ISO 27001, NIST).

  • Exposure to mobile application security on native iOS and/or Android platforms, including API security, token management, and mobile threat defense.

EDUCATION/TRAINING/CERTIFICATION

  • Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).

  • Security certifications highly desirable (AWS, Azure, GCP, CISSP, CCSP, GIAC, etc.).

PHYSICAL REQUIREMENTS

  • Ability to work flexible and/or extended hours as needed to accommodate members and team members in multiple time zones.

  • Willingness and ability to travel, domestically and internationally, without restrictions, approximately 5-10% per year.

EOE

YPO is an Equal Opportunity Employer. YPO takes pride in supporting a diverse workforce and demonstrates this through its policies and practices. YPO does not discriminate in recruiting, hiring, training, promotion, or other employment practices for reasons of race, color, religion, gender, national origin, age, sexual orientation, marital or veteran status, disability, or any other legally protected status.

Top Skills

AKS
ARM
AWS
AWS SCPs
Azure
Azure Policy
CloudFormation
ECS
GCP
Kubernetes
OPA
Python
Sentinel
Terraform

The Company
HQ: Irving, TX
4,172 Employees
Year Founded: 1950

What We Do

YPO is the global leadership community of more than 30,000 members in 142 countries who are driven by the belief that the world needs better leaders. Each of our members has achieved significant leadership success at a young age. Combined, they lead businesses and organizations contributing USD 9 trillion in annual revenue. YPO members become better leaders and better people through peer learning and exceptional experiences in an inclusive community of open sharing and trust. Visit https://on.ypo.org/2GOL1Xq for more.
