DevSecOps Engineer

Position Summary:  

CPI is looking for a DevSecOps Engineer to join our application engineering team.  This is not a traditional DevOps role.  This role must recognize and imbed security across the entire application delivery lifecycle.  This teammate drives efficiency into the engineering team’s work, while embedding controls, automation, and threat-aware thinking into every pipeline, deployment, and platform. 

You'll work at the intersection of Salesforce delivery, cloud infrastructure, and application security, partnering with engineers and security teammates to ship faster and safer. 

 
Key Responsibilities:  

• Manage release engineering, branching strategies, automated deployments, metadata diffing, sandbox seeding, and rollback playbooks (Salesforce/GearSet are currently core applications) 

• Design and operate secure CI/CD pipelines and cloud-native services  (Salesforce, AWS, Snowflake) 

• Work in conjunction with other IT teammates to identify and resolve technical pipeline issues and escalate items while retaining ownership 

• Embed automated security gates (SAST, DAST, SCA, IaC scanning), container image scanning, and secrets detection directly into developer workflows 

• Support and extend AI and Snyk code quality gates 

• Architect and maintain AWS infrastructure IaC (Terraform), with security baselines enforced via policy-as-code 

• Containerize workloads with Docker, orchestrate via ECS/EKS (or AKS), and harden images against CVEs and supply-chain attacks (SBOMs, signing, provenance) 

• Partner with security team for pipeline incident response and infrastructure security events and postmortems 

• Continuously evaluate tool alerts and reduce alert fatigue through tuning and automation 

• Support and troubleshoot all pipeline & IaC tools to ensure engineering adoption 

• Contribute to scrum ceremonies as a technical voice on delivery, release readiness, and risk 

Core Experience 

• 10 years of professional software development experience across one or more of: Java, .NET/C#, Python, Node.js, or Apex 

• 5 years in a DevOps, SRE, or Platform Engineering role, with at least the last 2 years explicitly focused on DevSecOps practices 

• Demonstrated history of owning production systems end-to-end (design, deployment, monitoring, and incident response) 

• Independent problem solver able to investigate, identify, evaluate, and drive practical solutions 

Salesforce Delivery 

• Hands-on experience for Salesforce CI/CD: pipeline configuration, automated testing, problem analysis, and unit test coverage enforcement (GearSet preferred) 

• Strong understanding of Salesforce metadata, sandbox strategy, and Apex test automation 

• Experience integrating Salesforce deployments with Git-based source-of-truth workflows 

Cloud & Infrastructure 

• AWS at depth: IAM, VPC design, KMS, Secrets Manager, GuardDuty, Security Hub, CloudTrail, Config, WAF 

• Docker and container orchestration (ECS, EKS, or Kubernetes) in production 

• Infrastructure as Code: Terraform (preferred) with modular, reusable, policy-checked patterns. 

• CI/CD platforms: GitHub Actions, GitLab CI, Jenkins, or CircleCI 

Security Tooling & Practices 

• SAST/DAST/SCA tooling;  e.g. Snyk (preferrable), Checkmarx, SonarQube 

• Container/image scanning, SBOM generation, and policy-as-code 

Soft Skills 

• Strong communication — you can explain a vulnerability to an executive and a regex to a junior engineer in the same afternoon 

• Pragmatic risk thinker — you know when to block a deploy and when to file a ticket 

• Collaborative; sensitive to "security as a department of no" 

Nice to Have 

• Salesforce certifications (Platform Developer I/II) 

• AWS certifications (Solutions Architect Professional, Security Specialty)