DevSecOps Engineer
Responsibilities
- Manage release engineering, branching strategies, automated deployments, metadata diffing, sandbox seeding, and rollback playbooks (Salesforce / GearSet are currently core applications)
- Design and operate secure CI/CD pipelines and cloud-native services (Salesforce, AWS, Snowflake)
- Work in conjunction with other IT teammates to identify and resolve technical pipeline issues and escalate items while retaining ownership
- Embed automated security gates (SAST, DAST, SCA, IaC scanning), container image scanning, and secrets detection directly into developer workflows
- Support and extend AI and Snyk code quality gates
- Architect and maintain AWS infrastructure IaC (Terraform), with security baselines enforced via policy-as-code
- Containerize workloads with Docker, orchestrate via ECS/EKS (or AKS), and harden images against CVEs and supply-chain attacks (SBOMs, signing, provenance)
- Partner with security team for pipeline incident response and infrastructure security events and postmortems
- Continuously evaluate tool alerts and reduce alert fatigue through tuning and automation
- Support and troubleshoot all pipeline & IaC tools to ensure engineering adoption
- Contribute to scrum ceremonies as a technical voice on delivery, release readiness, and risk
- Core Experience
- 10+ years of professional software development experience across one or more of: Java, .NET/C#, Python, Node.js, or Apex
- 5+ years in a DevOps, SRE, or Platform Engineering role, with at least the last 2 years explicitly focused on DevSecOps practices
- Demonstrated history of owning production systems end-to-end (design, deployment, monitoring, and incident response)
- Independent problem solver able to investigate, identify, evaluate, and drive practical solutions
- Salesforce Delivery
- Hands-on experience with Salesforce CI/CD: pipeline configuration, automated testing, problem analysis, and unit test coverage enforcement (GearSet preferred)
- Strong understanding of Salesforce metadata, sandbox strategy, and Apex test automation
- Experience integrating Salesforce deployments with Git-based source-of-truth workflows
- Cloud & Infrastructure
- AWS at depth: IAM, VPC design, KMS, Secrets Manager, GuardDuty, Security Hub, CloudTrail, Config, WAF
- Docker and container orchestration (ECS, EKS, or Kubernetes) in production
- Infrastructure as Code: Terraform (preferred) with modular, reusable, policy-checked patterns.
- CI/CD platforms: GitHub Actions, GitLab CI, Jenkins, or CircleCI
- Security Tooling & Practices
- SAST/DAST/SCA tooling; e.g. Snyk (preferable), Checkmarx, SonarQube
- Container/image scanning, SBOM generation, and policy-as-code
- Soft Skills
- Strong communication - you can explain a vulnerability to an executive and a regex to a junior engineer in the same afternoon
- Pragmatic risk thinker - you know when to block a deploy and when to file a ticket
- Collaborative; sensitive to "security as a department of no"
Requirements
- Salesforce certifications (Platform Developer I/II)
- AWS certifications (Solutions Architect Professional, Security Specialty)
Additional Information
Position Summary: CPI is looking for a DevSecOps Engineer to join our application engineering team. This is not a traditional DevOps role. This role must recognize and embed security across the entire application delivery lifecycle. This teammate drives efficiency into the engineering team's work, while embedding controls, automation, and threat-aware thinking into every pipeline, deployment, and platform. You'll work at the intersection of Salesforce delivery, cloud infrastructure, and application security, partnering with engineers and security teammates to ship faster and safer.