CORE PROFILE:
The DevSecOps Specialist plays a key role in embedding security across the software development lifecycle. With a deep understanding of application security and secure development practices, this role focuses on automating and scaling security across CI/CD pipelines, helping engineering teams build secure software without sacrificing speed. Working closely with product, tech and operations teams, the DevSecOps Specialist simplifies security adoption. Automating compliance, reducing risks and making security a seamless part of the DevOps process. The goal is to protect applications while keeping development fast and efficient.
NATURE OF WORK:
- The DevSecOps Specialist ensures that security is a fundamental part of Maya's development lifecycle, working at the intersection of security, engineering and operations. Responsibilities:
- Own the integration and continuous improvement of AppSec tools (SAST, SCA, DAST) in CI/CD workflows.
- Lead security reviews for high-impact features and services.
- Design and maintain security-as-code pipelines and controls at the application layer.
- Conduct deep-dive threat modeling for product features, APIs and services.
- Drive adoption of secure coding practices and provide security guidance to engineers during design and implementation.
- Automate detection and remediation of application-level vulnerabilities.
- Support the Office of the CISO in executing security strategies and initiatives.
DISPLAYED SKILL MASTERY
- 35 years in AppSec, DevSecOps, or related SDLC security engineering roles.
- Strong experience with CI/CD integration for SAST, SCA, and DAST tools.
- Familiarity in Python, JavaScript or similar for automation of security checks.
- Knowledge of modern web app and API security risks (e.g. OWASP Top 10).
- Familiarity with secure coding patterns and anti-patterns.
- Understanding of OAuth, tokenization, and application-level authz/authn controls.
- Experience conducting or supporting threat modeling sessions with product teams.
REQUIRED QUALIFICATIONS
- Bachelor Degree in Information Technology, Computer Science, or equivalent
- 3+ years of practical experience in DevSecOps, Security Automation, or Application Security.
- Hands-on experience with CI/CD pipelines, security tooling and DevOps practices.
- Strong programming/scripting skills (Python, Java, Bash) for security automation.
- Experience with cloud security and compliance frameworks (AWS, PCI DSS, ISO 27001).
- Understanding of container security, Kubernetes, and microservices security.
- Familiarity with code review practices, threat modeling, and product-level risk analysis.
- Solid knowledge of secure software development principles.
- Familiarity with OAUTH protocols for secure authentication and authorization.
