YPO
DevSecOps Engineer
Neural analysis suggests this role is optimal for Senior candidates.
What You'll Achieve.
Ensures secure-by-design principles are embedded; Protecting confidentiality, integrity, and availability; Enabling engineering velocity; Automated configuration validation and remediation; Prevent high-risk code; Optimizing pipeline performance; Mitigate risk prior to deployment; Improve triage accuracy; Access reviews; Entitlement governance; Privilege drift detection; Remediation tracking; Penetration testing coordination; Risk register reporting; Define detection standards; Support log ingestion strategy; Conduct threat hunting; Assist with incident response; Assist with forensic investigations; Support audit readiness; Support third-party risk management; Ensure alignment with internal governance and change management standards
Industry & Context.
Identify problems; Research alternatives; Provide solutions; Resolve issues in a timely manner; Anticipates member/internal client needs; Analytical thinker; Architectural judgment
Ability to work flexible and/or extended hours; Willingness and ability to travel, domestically and internationally, without restrictions, approximately 5-10% per year
What They're Looking For.
Must Have
5+ years of hands-on experience in security engineering, at least 3 years focused on cloud infrastructure security (AWS, Azure, and/or GCP), Experience integrating security tooling into CI/CD platforms, Experience securing AI/ML infrastructure, Experience with AI technologies, API abuse detection across the entire SDLC, experience with IaC tools (Terraform, CloudFormation, ARM), Experience with SAST, DAST, SCA, and dependency scanning tools, Proficiency in Python or equivalent scripting language, knowledge of IAM, encryption, OAuth/OIDC, RBAC, and secure cloud architecture principles, Understanding of compliance & security frameworks (SOC 2, ISO 27001, NIST), Exposure to mobile application security on native iOS and/or Android platforms
Nice to Have
Security certifications highly desirable (AWS, Azure, GCP, CISSP, CCSP, GIAC, etc.)
What You'll Do.
Architect secure controls
Implement secure controls
Improve secure controls
Develop IaC guardrails
Enforce IaC guardrails
Design CI/CD security controls
Maintain CI/CD security controls
Lead architecture reviews
Lead security design reviews
Define secure coding standards
Partner with developers
Enforce IAM principles
Own vulnerability management
Integrate application telemetry
Integrate cloud telemetry
Develop incident response playbooks
Maintain incident response playbooks
Cooperate with IT Security
Partner with Cloud Engineering
Automate security operations
Operationalize compliance frameworks
Evaluate emerging security technologies
How You'll Work.
Team & Collaboration
Work collaboratively in a multi-cultural organization; Build meaningful relationships with associates, members and vendors; Work collaboratively across product, engineering, and global teams
Communication Scope
Excellent verbal and written communication skills; Proofreading; Adjusts communication style appropriately to the audience; Translate complex security risks into clear business decisions
Process & Methodology
Effective time management, Organization skills, Prioritization skills
Full Job Description
_**POSITION PURPOSE**_

The DevSecOps Engineer integrates security and compliance into the software development lifecycle, CI/CD pipelines, application workflows and cloud infrastructure. This role ensures secure-by-design principles are embedded across YPO’s global, AI-first, mobile-native platforms, protecting confidentiality, integrity, and availability while enabling engineering velocity.

**_PRIMARY RESPONSIBILITIES_**

* Architect, implement, and continuously improve secure-by-design controls across multi-cloud environments (AWS, Azure, GCP), including network segmentation, encryption, secrets management, secure APIs, and container platforms (Kubernetes, ECS, AKS).
* Develop and enforce Infrastructure as Code and policy-as-code guardrails (Terraform, CloudFormation, ARM, OPA, Sentinel, Azure Policy, AWS SCPs) with automated configuration validation and remediation.
* Design and maintain security controls within CI/CD pipelines, integrating SAST, DAST, SCA, container and IaC scanning, and automated security gates to prevent high-risk code while optimizing pipeline performance.
* Lead threat modeling (STRIDE, MITRE ATT&CK), architecture reviews, and security design/code reviews to mitigate risk prior to deployment.
* Define and promote secure coding standards for backend APIs, mobile applications, and AI-powered services; partner with developers to remediate vulnerabilities and improve triage accuracy.
* Enforce and audit enterprise IAM and Zero Trust principles (RBAC, PAM, SSO, MFA, OAuth/OIDC, SAML), including access reviews, entitlement governance, and privilege drift detection.
* Own the vulnerability management lifecycle, including asset discovery, continuous scanning, risk-based prioritization, remediation tracking, penetration testing coordination, and risk register reporting.
* Integrate application and cloud telemetry into SIEM/SOAR platforms; define detection standards, support log ingestion strategy, conduct threat hunting, and assist with incident respo
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.