Senior DevSecOps Engineer – SBOM, SAST & CI/CD Security Automation (6–10 years)
We are seeking a Senior DevSecOps Engineer (6–10 years of experience) to lead security automation and tooling integration across MSD projects. This role will focus on embedding security controls into the software delivery lifecycles specifically SBOM generation and quality improvement, secret scanning, and SAST integration—and automating security report generation and publishing into platforms such as Dependency-Track and DefectDojo.
You will work closely with engineering, DevOps, and security stakeholders to ensure scalable, repeatable, and measurable security practices are implemented through CI/CD pipelines, while continuously improving technical documentation and onboarding guidance for teams adopting these capabilities.
Improve the quantity (coverage) and quality of generated SBOMs by defining standards, validation gates, and measurable KPIs (e.g., completeness, dependency accuracy, license metadata, component version resolution).
Create, maintain, and continuously improve documentation (runbooks, onboarding guides, troubleshooting, reference architecture) to support platform adoption.
Provide operational support for security tooling integrations, including triage of pipeline failures, report ingestion issues, and tooling upgrades.
