DevSecOps Engineer

Join New Era Technology, where People First is at the heart of everything we do. With a global team of over 4,500 professionals, we’re committed to creating a workplace where everyone feels valued, empowered, and inspired to grow. Our mission is to securely connect people, places, and information with end-to-end technology solutions at scale.At New Era, you’ll join a team-oriented culture that prioritizes your personal and professional development. Work alongside industry-certified experts, access continuous training, and enjoy competitive benefits. Driven by values like Community, Integrity, Agility, and Commitment, we nurture our people to deliver exceptional customer service.If you want to make an impact in a supportive, growth-oriented environment, New Era is the place for you. Apply today and help us shape the future of work—together. Position Summary We are seeking a Senior Application Security Automation Engineer to support a large-scale application security program with deep engineering expertise in designing, implementing, and maintaining scalable security automation solutions. Focus will be on integrating static (SAST), dynamic (DAST), and software composition analysis (SCA) tools into CI/CD pipelines to enable secure development practices across diverse software environments. The role involves close collaboration with development, security, and DevOps teams to embed security controls within the software development lifecycle, leveraging tools such as Checkmarx, Fortify, Burp Suite, OWASP ZAP, Snyk, and WhiteSource. Additional value add skills include scripting custom integrations via Python, Go, or Java, developing APIs to extend automation capabilities, and configuring security scanning in cloud-native and containerized environments (e.g., AWS, Azure, Kubernetes). Strong working knowledge of infrastructure as code (Terraform, Ansible), CI/CD platforms (Jenkins, GitHub Actions, GitLab CI), and secure coding practices is essential. The engineer will also provide actionable insights from tool results, support incident response, and mentor teams on secure development lifecycle (SDL) best practices across multiple business units. Key Responsibilities Design / build / implement and maintain scalable automation tools and pipelines for application security, including static (SAST), dynamic (DAST), and software composition analysis (SCA) scanning. Collaborate with developers, security engineers, and DevOps teams to integrate security automation seamlessly into CI/CD workflows. Identify opportunities for improving security tool coverage, efficiency, and performance. Develop custom scripts, plugins, or APIs to extend the capabilities of security testing and remediation automation. Monitor and analyze security automation tool results, generate actionable insights, and support incident response and remediation efforts. Stay up to date on the latest security automation trends, technologies, and best practices, and advocate for continuous improvement in tooling and processes. Provide mentorship and guidance to other engineers on secure coding and secure development lifecycle practices. Required Qualifications 8+ years of software engineering experience with a focus on security automation or application security. Proficiency in Python, Ruby, Go, Java, or similar programming languages. Strong understanding of application security principles, vulnerabilities (e.g., OWASP Top Ten), and remediation techniques. Hands-on experience implementing and configuring security scanning tools such as SAST (e.g., Checkmarx, Fortify), DAST (e.g., Burp Suite, OWASP ZAP), and SCA (e.g., Snyk, WhiteSource). Familiarity with CI/CD pipelines (e.g., Jenkins, GitHub Actions, GitLab CI) and infrastructure as code tools (e.g., Terraform, Ansible) is a plus. Solid understanding of software development lifecycle (SDLC) processes and how to integrate security automation seamlessly. Excellent problem-solving skills and ability to work independently and as part of a team. Preferred Qualifications Experience with cloud-native security automation (e.g., in AWS, Azure, or GCP environments). Familiarity with container security (e.g., Docker, Kubernetes) and related security scanning solutions. Knowledge of threat modeling and security risk assessments. Below is the pay range of this position for considered candidates based on qualifications and experience. Pay Range $88 - $91 USD New Era Technology, Inc., and its subsidiaries (“New Era” “we”, “us”, or “our”) in its operating regions worldwide are committed to respecting your privacy and recognize the need for appropriate protection and management of any Personal Data that you may provide us. In this, we are also committed to providing you with a positive experience on our websites and while using our products, services and solutions (“Solutions”).View our Privacy Policy here