DevOps Engineer

Job Description

Help TAB provide access to financial success for everyone by embedding security into every phase of the software development lifecycle.  This position represents an evolution of our Application Security function, with a strategic shift toward proactively partnering with our DevOps team to implement security practices earlier in the development process (shift-left).  As a DevSecOps Engineer, you will champion secure-by-design principles, support CI/CD security integration, and ensure compliance with regulatory expectations in a banking environment.

Essential Duties and Responsibilities:

• Embed security controls and testing into CI/CD pipelines and cloud infrastructure, ensuring security is early, automated, and scalable across the development lifecycle.
• Work closely with DevOps, developers, and product teams to guide secure architecture decisions, conduct threat modeling, and support secure coding practices.
• Evaluate, implement, and manage security tools such as SAST, DAST, SCA, and secrets detection within DevOps workflows.  Drive automation to reduce manual security work.
• Identify, triage, and work with teams to remediate vulnerabilities in applications and infrastructure using tools and techniques aligned with regulatory and risk management requirements.
• Lead initiatives that promote security best practices during planning, design, and code review stages of development.
• Collaborate with DevOps on container security, infrastructure-as-code scanning, and secure deployment practices in cloud and hybrid environments.
• Deliver secure coding training, maintain good working relationships with development teams, and advocate for security-first culture across technology teams.
• Ensure alignment with banking regulations and internal security policies and provide evidence or technical insight during audits or regulatory reviews.
• Other duties as assigned.

Required education and experience:

• 3 years of experience in application security, DevSecOps, or related roles.
• Hands-on experience with SAST, DAST, SCA, and container and code scanning tools.
• Experience working with infrastructure-as-code (e.g., Terraform, CloudFormation) and AWS cloud.
• Act with integrity, take pride in your work, seek to excel, be curious, adaptable and communicate well.

 Preferred education and experience:

• Experience in a regulated industry such as banking or financial services.
• Certifications such as CISSP, GWAPT, GCSA, CSSLP, or similar.
• Experience with Kubernetes and container orchestration security.
• Exposure to compliance frameworks (e.g., FFIEC, NIST, PCI-DSS, ISO 27001, GLBA).

 Competencies:

• Strong knowledge of CI/CD pipelines and integration of security tooling (e.g., GitHub Actions, GitHub advanced security).
• Familiarity with secure software development practices and OWASP Top 10.
• Ability to communicate complex security topics clearly to both technical and non-technical stakeholders.
• Critical thinking skills and the ability to solve problems as they arise.

TAB Bank Offers:

• Onsite Gym
• Tuition Reimbursement
• Paid Holidays
• Gym Reimbursement
• College Scholarships for Employees and Families
• 401(k)
• Paid Time Off (PTO)
• Employee Assistance Program (EAP)
• I Made the Grade
• Holiday Club Program
• Medical, Dental, Vision, Life and AD&D, Voluntary Disability, Flex Spending & Dependent Care

TAB Bank will not sponsor applicants for work visas.