What are the responsibilities and job description for the Application Security Engineer (DevSecOps as a Service Lead) position at TrollEye Security?
Application Security Engineer (DevSecOps as a Service Lead)
Department: Offensive Security Operations
Reports to: Offensive Security Operations Manager
Location: Dawsonville, GA (onsite)
Employment Type: Full-Time
Overview
We are seeking an experienced Application Security Engineer to lead our DevSecOps as a Service program. This role bridges the gap between security, development, and operations, helping client organizations integrate security best practices directly into their development lifecycles. You will be responsible for designing, implementing, and maintaining secure automation frameworks that support continuous integration and continuous delivery (CI/CD) pipelines.
The ideal candidate will have strong technical experience in secure software development, automation, and infrastructure as code (IaC), as well as excellent communication skills to engage directly with both internal and client engineering teams.
Key Responsibilities
- Lead the DevSecOps as a Service initiative, guiding client development and operations teams in embedding security throughout the SDLC.
- Architect, deploy, and maintain secure CI/CD pipelines leveraging tools such as GitHub Actions, GitLab CI, Jenkins, or Azure DevOps.
- Integrate security scanning tools (SAST, DAST, SCA, container scanning, secret detection) into automated build and deployment workflows.
- Develop and manage Infrastructure as Code (IaC) security standards using Terraform, Ansible, and related automation frameworks.
- Conduct security reviews of application architectures, source code, and deployment configurations.
- Define and enforce security baselines, policies, and best practices across client environments.
- Partner with development and operations teams to identify and remediate vulnerabilities early in the pipeline.
- Build automation to support continuous compliance, drift detection, and threat modeling integration.
- Collaborate with the Offensive Security Operations Manager to align DevSecOps services with overall threat exposure management and testing strategies.
- Provide mentorship, technical documentation, and training to client and internal teams on secure DevOps practices.
Required Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, or a related technical field (or equivalent practical experience).
- 5 years of hands-on experience in Application Security, DevSecOps, or Secure Software Engineering.
- Strong understanding of CI/CD pipelines, Git-based workflows, and secure deployment practices.
- Proficiency in Terraform, Ansible, and related automation tools.
- Experience integrating security tools (e.g., SonarQube, Checkov, Trivy, OWASP ZAP, Snyk, or similar) into DevOps pipelines.
- Familiarity with containerization (Docker, Kubernetes) and securing cloud-native deployments.
- Excellent understanding of software supply chain security, secret management, and identity and access controls.
- Strong scripting skills in one or more languages (Python, Go, Bash, PowerShell).
- Ability to work cross-functionally with development, operations, and security stakeholders.
Preferred Qualifications
- Experience with threat modeling, penetration testing, or offensive security assessments.
- Certifications such as GIAC GWAPT, GCSA, GCPN, OSWE, or CSSLP.
- Experience working with multi-tenant or client-facing DevSecOps programs.
- Knowledge of cloud security best practices (AWS, Azure, or GCP).
Soft Skills
- Strong leadership and collaboration abilities.
- Excellent written and verbal communication skills.
- Proactive problem-solving and initiative-taking approach.
- Comfortable working in fast-paced, client-facing environments.