Job Description
ROLE DETAILS
• Title: DevSecOps Contractor (Security Engineer)
• Location: Remote / Onsite (as business needs dictate)
• Primary Tools: GitLab Ultimate, Docker/Kubernetes, Terraform/Ansible, SonarQube, BlackDuck or Nexus Lifecycle (SCA), Snyk or Trivy, OWASP ZAP
ROLE OVERVIEW
Drive security‑by‑design across GitLab CI/CD and enforce guardrails that ensure application security, compliance, and reliable delivery. The role covers vulnerability management, pipeline security, standardized secure SDLC practices, transition planning from legacy tools to GitLab‑native capabilities, and close collaboration with InfoSec, Cloud Platform, and Product teams.
KEY RESPONSIBILITIES
Pipeline Security & Automation
• Implement and maintain automated SAST, DAST, SCA, container scanning, and secret detection in GitLab CI/CD
• Enforce policy‑as‑code: branch protection, MR approvals, vulnerability gates, artifact signing
Vulnerability Management
• Run periodic assessments and secure code reviews; triage findings; publish remediation plans; track SLAs to closure
• Coordinate with product management and engineering to prioritize fixes
Compliance & Governance
• Align controls and evidence with CIS, NIST, and (where applicable) GDPR
• Enable audit‑ready reporting and SBOM generation; integrate security KPIs into observability dashboards
Infrastructure & Cloud Security
• Implement secure IaC (Terraform/Ansible/CloudFormation); apply least‑privilege and zero‑trust patterns
• Harden build runners, container images, registries, and deployment targets
Enablement & Culture
• Champion “shift‑left” security via playbooks, training, and standard toolchains
• Document security runbooks; contribute to SDLC harmonization standards
MUST‑HAVE QUALIFICATIONS
• Hands‑on expertise with GitLab Ultimate security features and CI/CD administration
• Proven experience embedding SAST/DAST/SCA into pipelines and gating releases on risk thresholds
• Direct exposure to SCA tools (e.g., BlackDuck, Nexus Lifecycle/OSS Index, Snyk) and code quality (SonarQube)
• Strong scripting/automation (Python, Bash, YAML)
• Container & cloud security fundamentals (Docker/Kubernetes, registry hardening, image scanning, runtime policies)
• Threat modeling, risk assessment, and remediation planning
PREFERRED / NICE‑TO‑HAVE
• Certifications: DevSecOps Professional, CKS, Security+, or similar
• IaC security experience (Terraform + OPA / Conftest / Checkov)
• Supply‑chain security: SBOM practices and artifact signing (Cosign), familiarity with SLSA
• Familiarity with DORA metrics and security KPI reporting
Ready to Apply?
Don't miss this opportunity! Apply now and join our team.
Job Details
Posted Date:
February 24, 2026
Job Type:
Technology
Location:
India
Company:
Lorven Technologies Inc.