DevSecOps Engineer

Position Type: Contractor, Full-time (1880 hrs. per year)

Position Location: Fully Remote

Aedify is seeking a DevSecOps Engineer to help our clients improve their software security programs, security testing pipelines, third-party software management, and release engineering practices.

The DevSecOps Engineer will work directly with client teams to formalize and operationalize secure development processes, integrate security testing tools into pipelines, and develop sustainable release engineering processes. This role will also help establish a separate, trusted, and compartmentalized release engineering function distinct from R&D software development.

1. Documenting and communicating software security mandates, standards, and stakeholder roles across customer organizations.
2. Integrating and configuring security tools into existing development pipelines (e.g., SAST and SCA tools).
3. Assisting teams in tool evaluation, setup, and adoption across SDLC stages.
4. Advising on and defining internal threat modeling practices.
5. Supporting third-party software governance, including open-source and commercial dependencies, using automation.
6. Coordinating external reviews and penetration testing with stakeholders.
7. Designing and implementing trusted release engineering processes that separate release packaging, signing, and artifact promotion from R&D practices.
8. Defining secure, auditable, and independently operated release workflows with stakeholders.
9. Establishing controls for release artifact integrity, provenance tracking (e.g., SLSA), and environment isolation.
10. Researching, prototyping, and recommending industry-aligned DevSecOps and release engineering best practices (e.g., NIST SSDF, SLSA, CNCF).

This position requires a proactive individual with strong technical skills, capable of working hands-on in CI/CD environments and formalizing release governance, while effectively communicating security and operational concepts to diverse audiences.

• Experience working with Security Management, Application Development, IT, and Security Engineering teams.
• Proven ability to implement security tooling within agile and DevOps pipelines.
• Familiarity with GitOps and CI/CD platforms (e.g., Azure DevOps, GitHub Actions, GitLab CI/CD, Jenkins).
• Hands-on experience with security testing tools (e.g., Veracode, Checkmarx, Snyk, Fortify, SonarQube).
• Experience defining or improving release engineering processes and artifact workflows.
• Knowledge of third-party software risk management and SBOM processes.
• Ability to translate security policies and threat models into pipeline controls.
• Strong written communication skills for technical documentation and presentations.
• Independent work ethic with initiative to drive projects forward.
• Curiosity and ability to research emerging DevSecOps practices.

• Knowledge of enterprise platforms like JEE, Node.js, Python, or full-stack environments.
• Experience with Infrastructure-as-Code tools (Terraform, CloudFormation) and cloud architectures.
• Understanding of cloud security best practices in AWS, Azure, or GCP.
• Hands-on experience with Secure SDLC processes and release practices.
• Familiarity with software supply chain security frameworks (SLSA, in-toto, OCI signing).

• BSc in Computer Science, Engineering, or related; Master’s preferred.
• 5+ years in software development, DevOps, or security engineering.
• 3+ years in DevSecOps or release engineering initiatives.

At Aedify, we empower organizations to mature securely at scale, nurturing individual growth. We value deep listening and collaboration, working shoulder to shoulder with clients to deliver security outcomes efficiently.

We embrace diversity and equal opportunity, welcoming applicants from all backgrounds to enrich our team. Join us where passion meets purpose, and growth and security are our shared goals. Contact careers@aedify.com for more information.

• Mid-Senior level

• Contract

• Engineering and Information Technology