HCSS Logo

HCSS

Senior DevSecOps Engineer

Posted 17 Days Ago
Remote
Senior level
Remote
Senior level
As a Senior DevSecOps Engineer, you will enhance software security by integrating security practices into the software development lifecycle, leading application security efforts, managing cloud security in Azure, conducting security testing, and mentoring juniors.
The summary above was generated by AI

We're HCSS. We're a software company based in Sugar Land, TX and we provide innovative solutions for the construction industry that help streamline their operations. Our mission at HCSS is helping customers achieve excellence through our proven, customer-centric, end-to-end solutions and exceptionally helpful service while providing a great life for our employees. With this mission at the forefront of everything we do, we're recognized as a pioneer and leader in our market and nominated the "Best Companies to Work for in Texas" 16 years in a row.
As a Senior DevOps Engineer specializing in application security and DevSecOps, you will play a pivotal role in enhancing the security of our software development processes. You will work closely with engineering, security, and operations teams to implement and maintain security best practices, tools, and infrastructure, ensuring our cloud-based applications remain secure and resilient.
Key Responsibilities:

  1. DevSecOps Integration: Embed security into the entire software development lifecycle (SDLC) by implementing security practices, tools, and automation to support continuous integration/continuous delivery (CI/CD) pipelines.
  2. Application Security Expertise: Lead efforts in identifying, prioritizing, and mitigating security risks and vulnerabilities in both new and existing applications. Provide subject-matter expertise on application security best practices, secure coding, and threat modeling.
  3. Azure Cloud Security: Utilize Azure Cloud services to ensure secure infrastructure deployment and configuration. Implement best practices for securing Azure environments, leveraging services like Azure Key Vault, Azure Security Center, and more.
  4. Static and Dynamic Application Security Testing: Lead efforts around Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify and remediate vulnerabilities in both the codebase and runtime environments.
  5. Secrets Management: Implement, manage, and continuously improve secrets management solutions (e.g. Azure Key Vault) to protect sensitive information across multiple environments.
  6. Software Composition Analysis (SCA): Oversee software composition analysis to identify and manage vulnerabilities in third-party libraries and dependencies, ensuring compliance with security policies.
  7. Automation and Infrastructure as Code: Develop and maintain infrastructure as code (IaC) practices using tools like Terraform to automate the provisioning and management of secure cloud environments.
  8. Security Policies & Compliance: Ensure compliance with industry security standards (e.g., OWASP, NIST, CIS) and regulatory requirements. Create and enforce security policies related to application security and cloud infrastructure.
  9. Collaboration & Mentorship: Collaborate with cross-functional teams to ensure security is prioritized across development, operations, and product teams. Mentor junior engineers on DevSecOps best practices and tools.


Required Skills & Experience:

  1. Experience: Minimum of 5 years of experience in application security, DevSecOps, or a related field, with a deep focus on secure software development and security testing practices.
  2. Cloud Expertise: Strong hands-on experience with securing applications deployed in Azure environments, including using Azure-native security tools such as Azure Key Vault, Azure Security Center, Azure DevOps, and others.
  3. Security Tools & Practices: Expertise in security tools such as SAST, DAST, software composition analysis (SCA), and secrets management solutions (e.g., HashiCorp Vault, Azure Key Vault). Experience with integrating these tools into CI/CD pipelines.
  4. Programming/Scripting: Proficiency in scripting or programming languages such as Python, Go, Bash, PowerShell, or similar to automate security tasks and improve security workflows.
  5. Secure Development Lifecycle: In-depth understanding of the secure development lifecycle (SDLC) and DevSecOps best practices, with experience embedding security into every phase of software development.
  6. Vulnerability Management: Experience with vulnerability management practices, including the use of security scanning tools, risk assessment, and remediation.
  7. Compliance Knowledge: Familiarity with security compliance frameworks such as OWASP, NIST, CIS, GDPR, or similar, and experience ensuring applications meet relevant security standards and policies.
  8. Collaboration & Communication: Excellent communication skills with the ability to articulate security concepts to both technical and non-technical stakeholders. Experience collaborating cross-functionally with development, security, and operations teams.


Preferred Qualifications:

  • Security Certifications: Certified in cloud security (e.g., Microsoft Certified: Azure Security Engineer, CISSP, Certified Cloud Security Professional (CCSP), or equivalent).
  • Threat Modeling: Experience with threat modeling techniques and frameworks to assess and address potential security risks early in the design process.
  • Experience with Microservices & APIs: Strong understanding of microservices architecture and API security practices.


Benefits and Perks:
Part of our mission statement is to provide a great life for our employees. We believe that happy
employees make for a better company, so we take care of them. Here are a few of the perks we
offer:

  • Flexibility for you to work in-office or hybrid.
  • Medical and Dental Premiums.
  • On-site amenities include a covered basketball court, soccer field, 200-meter track, etc.
  • 401K with match.
  • Tuition reimbursement.
  • And more!


*For remote candidates, travel to office may be requested

Top Skills

Azure
Azure Devops
Azure Key Vault
Azure Security Center
Bash
Dast
Go
Hashicorp Vault
Powershell
Python
Sast
Terraform

Similar Jobs at HCSS

14 Days Ago
Remote
Hybrid
Houston, TX, USA
Senior level
Senior level
Software
As a Senior Software Developer, you will enhance HCSS products by analyzing and implementing features, mentoring junior developers, and leading code reviews. You'll work with technologies such as .NET, Azure, and RESTful APIs to provide high-quality service in the construction software sector.
Top Skills: .Net.Net CoreAsp.Net MvcAzureAzure CacheAzure KeyvaultAzure Service BusC#Ci/CdCSSDapperEntity FrameworkJavaScriptReactRestful ApisSpaSQLTypescript
17 Days Ago
Remote
Hybrid
Houston, TX, USA
Senior level
Senior level
Software
As a Senior Software Developer at HCSS, you will analyze and enhance product and database structures, implement significant features, collaborate with peers to improve infrastructure and reliability, share best practices, and mentor junior developers in coding best practices.
Top Skills: .Net.Net CoreAsp.Net MvcAzureC#Ci/CdCSSDockerJavaScriptLlmsNextjsOrmRagReactRestful ApisSpaSQLTypescript

What you need to know about the Singapore Tech Scene

The digital revolution has driven a constant demand for tech professionals across industries like software development, data analytics and cybersecurity. In Singapore, one of the largest cities in Southeast Asia, the demand for tech talent is so high that the government continues to invest millions into programs designed to develop a talent pipeline directly from universities while also scaling efforts in pre-employment training and mid-career upskilling to expand and elevate its workforce.

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account