TrollEye Security

Application Security Engineer (DevSecOps as a Service Lead)

On site

Dawsonville, United States

Senior

Full Time

12-11-2025


Skills

Communication, Leadership, Python, Go, Bash, PowerShell, Penetration Testing, Cloud Security, GitHub, GitLab, CI/CD, DevOps, Docker, Kubernetes, Jenkins, Ansible, Azure DevOps, Problem-solving, Training, git, Azure, AWS, Software Development, SDLC, GCP, CI/CD Pipelines, GitLab CI, Terraform, Infrastructure as Code, GitHub Actions

Job Specifications

Application Security Engineer (DevSecOps as a Service Lead)

Department: Offensive Security Operations
Reports to: Offensive Security Operations Manager
Location: Dawsonville, GA (onsite)
Employment Type: Full-Time

Overview
We are seeking an experienced Application Security Engineer to lead our DevSecOps as a Service program. This role bridges the gap between security, development, and operations, helping client organizations integrate security best practices directly into their development lifecycles. You will be responsible for designing, implementing, and maintaining secure automation frameworks that support continuous integration and continuous delivery (CI/CD) pipelines.

The ideal candidate will have strong technical experience in secure software development, automation, and infrastructure as code (IaC), as well as excellent communication skills to engage directly with both internal and client engineering teams.

Key Responsibilities
- Lead the DevSecOps as a Service initiative, guiding client development and operations teams in embedding security throughout the SDLC.
- Architect, deploy, and maintain secure CI/CD pipelines leveraging tools such as GitHub Actions, GitLab CI, Jenkins, or Azure DevOps.
- Integrate security scanning tools (SAST, DAST, SCA, container scanning, secret detection) into automated build and deployment workflows.
- Develop and manage Infrastructure as Code (IaC) security standards using Terraform, Ansible, and related automation frameworks.
- Conduct security reviews of application architectures, source code, and deployment configurations.
- Define and enforce security baselines, policies, and best practices across client environments.
- Partner with development and operations teams to identify and remediate vulnerabilities early in the pipeline.
- Build automation to support continuous compliance, drift detection, and threat modeling integration.
- Collaborate with the Offensive Security Operations Manager to align DevSecOps services with overall threat exposure management and testing strategies.
- Provide mentorship, technical documentation, and training to client and internal teams on secure DevOps practices.

Required Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, or a related technical field (or equivalent practical experience).
- 5+ years of hands-on experience in Application Security, DevSecOps, or Secure Software Engineering.
- Strong understanding of CI/CD pipelines, Git-based workflows, and secure deployment practices.
- Proficiency in Terraform, Ansible, and related automation tools.
- Experience integrating security tools (e.g., SonarQube, Checkov, Trivy, OWASP ZAP, Snyk, or similar) into DevOps pipelines.
- Familiarity with containerization (Docker, Kubernetes) and securing cloud-native deployments.
- Excellent understanding of software supply chain security, secret management, and identity and access controls.
- Strong scripting skills in one or more languages (Python, Go, Bash, PowerShell).
- Ability to work cross-functionally with development, operations, and security stakeholders.

Preferred Qualifications
- Experience with threat modeling, penetration testing, or offensive security assessments.
- Certifications such as GIAC GWAPT, GCSA, GCPN, OSWE, or CSSLP.
- Experience working with multi-tenant or client-facing DevSecOps programs.
- Knowledge of cloud security best practices (AWS, Azure, or GCP).

Soft Skills
- Strong leadership and collaboration abilities.
- Excellent written and verbal communication skills.
- Proactive problem-solving and initiative-taking approach.
- Comfortable working in fast-paced, client-facing environments.

About the Company

At TrollEye Security, we help organizations reduce risk, consolidate tools, and streamline compliance through a continuous, unified, and partnership-driven approach to exposure management. Our continuous testing process identifies, validates, and guides the remediation of exposures across your entire attack surface, from infrastructure and applications to supply chain and dark web risks. Every validated finding is managed through our integrated exposure management platform, centralizing visibility and streamlining remediatio...