DevSecOps Engineer

Location: Remote

Employment Type: Part-Time, Unpaid (Volunteer)**

Role Overview

We are seeking a motivated DevSecOps Engineer to strengthen the security and reliability of our cloud applications and CI/CD workflows. This position continues the ongoing security automation efforts established under the current DevSecOps role. The ideal candidate combines foundational security knowledge with curiosity and a willingness to learn new tools and processes while contributing directly to meaningful non-profit technology projects.

Key Responsibilities

• Integrate and maintain security automation within CI/CD pipelines, including:
  • Static analysis (SAST) for code vulnerabilities.
  • Dynamic testing (DAST) for runtime exposures.
  • Dependency and vulnerability scanning using Semgrep, OWASP ZAP, and Dependabot.
  • Secret scanning to detect exposed keys, tokens, or credentials before release.
• Collaborate with developers and DevOps to triage and remediate vulnerabilities identified in builds or environments.
• Contribute to secure GitHub branching, approval, and dependency-management workflows.
• Monitor and interpret findings from AWS-native security services such as Security Hub, GuardDuty, Config, CloudTrail, and CloudWatch to detect misconfigurations or suspicious activity.
• Support least-privilege IAM configurations and secure AWS role usage.
• Document security standards, scanning procedures, and remediation guidelines.
• Participate in incident response simulations and post-incident analysis.

Required Qualifications

• CompTIA Security+ certification (or higher).
• Understanding of Git workflows and CI/CD concepts.
• Familiarity with at least one scanning or automation tool (e.g., OWASP ZAP, Semgrep, Trivy, or Snyk).
• Basic awareness of AWS security services, IAM principles, and secure configuration practices.
• Scripting or automation experience in Bash, Python, or PowerShell.
• Strong analytical mindset, attention to detail, and commitment to continuous learning.

Preferred Qualifications

• Coursework or prior experience in cloud platforms (AWS, Azure, or GCP).
• Exposure to Infrastructure-as-Code or container security concepts.
• Interest in pursuing advanced certifications such as AWS Security Specialty, CySA+.
• Experience contributing to open-source or volunteer security projects.

Personal Attributes

• Security-first mindset with proactive problem-solving.
• Communicates clearly and collaborates respectfully with developers and operations.
• Thrives in a remote, asynchronous team environment.
• Curious, adaptable, and passionate about building secure, ethical technology solutions.