DevSecOpsEngineer

Position Summary:  CPI is looking for a DevSecOps Engineer to join our application engineering team. This is not a traditional DevOps role. This role must recognize and imbed security across the entire application delivery lifecycle. This teammate drives efficiency into the engineering team’s work, while embedding controls, automation, and threat-aware thinking into every pipeline, deployment, and platform. You'll work at the intersection of Salesforce delivery, cloud infrastructure, and application security, partnering with engineers and security teammates to ship faster and safer. Key Responsibilities:  Manage release engineering, branching strategies, automated deployments, metadata diffing, sandbox seeding, and rollback playbooks (Salesforce/GearSet are currently core applications) Design and operate secure CI/CD pipelines and cloud-native services (Salesforce, AWS, Snowflake) Work in conjunction with other IT teammates to identify and resolve technical pipeline issues and escalate items while retaining ownership Embed automated security gates (SAST, DAST, SCA, IaC scanning), container image scanning, and secrets detection directly into developer workflows Support and extend AI and Snyk code quality gates Architect and maintain AWS infrastructure IaC (Terraform), with security baselines enforced via policy-as-code Containerize workloads with Docker, orchestrate via ECS/EKS (or AKS), and harden images against CVEs and supply-chain attacks (SBOMs, signing, provenance) Partner with security team for pipeline incident response and infrastructure security events and postmortems Continuously evaluate tool alerts and reduce alert fatigue through tuning and automation Support and troubleshoot all pipeline e. g. Snyk (preferrable), Checkmarx, SonarQube Container/image scanning, SBOM generation, and policy-as-code Soft Skills Strong communication — you can explain a vulnerability to an executive and a regex to a junior engineer in the same afternoon Pragmatic risk thinker