Skip to content
← Back to job listings

DevSecOps Engineer

CPI Security · Charlotte, NC, United States

CybersecurityEntry LevelQuick applyfull-time2 days ago

About The Role

Position Summary

CPI is looking for a DevSecOps Engineer to join our application engineering team . This is not a traditional DevOps role . T his role must recognize and imbed security a cross the entire application delivery lifecycle . This teammate d riv es efficiency into the engineering team’s work , while e mbedding controls, automation, and threat-aware thinking into every pipeline, deployment, and platform.

You'll work at the intersection of Salesforce delivery, cloud infrastructure, and application security, partnering with engineers and security team mate s to ship faster and safer.

Key Responsibilities

  • Manage release engineering , branching strategies, automated deployments, metadata diffing, sandbox seeding, and rollback playbooks ( Salesforce / GearSet are currently core applications)
  • Design and operate secure CI/CD pipelines and cloud-native services ( Salesforce, AWS , Snowflake)
  • Work in conjunction with other IT teammates to identify and resolve technical pipeline issues and escalate items while retaining ownership
  • Embed automated security gates ( SAST, DAST, SCA, IaC scanning ) , container image scanning, and secrets detection directly into developer workflows
  • Support and extend AI and Snyk code quality gates
  • Architect and maintain AWS infrastructure IaC ( Terraform ) , with security baselines enforced via policy-as-code
  • Containerize workloads with Docker, orchestrate via ECS/EKS (or AKS) , and harden images against CVEs and supply-chain attacks (SBOMs, signing, provenance)
  • Partner with security team for pipeline incident response and infrastructure security events and postmortems
  • Continuously evaluate tool alerts and reduce alert fatigue through tuning and automation
  • Support and troubleshoot all pipeline & IaC tools to ensure engineering adoption
  • Contribute to scrum ceremonies as a technical voice on delivery, release readiness, and risk

Core Experience

  • 10+ years of professional software development experience across one or more of: Java, .N ET/C# , Python, Node.js, or Apex
  • 5+ years in a DevOps, SRE, or Platform Engineering role, with at least the last 2 years explicitly focused on DevSecOps practices
  • Demonstrated history of owning production systems end-to-end ( design, deployment, monitoring, and incident response )
  • Independent problem solver able to investigate, identify , evaluate, and drive practical solutions

Salesforce Delivery

  • Hands-on experience for Salesforce CI/CD: pipeline configuration, automated testing, problem analysis, and unit test coverage enforcement ( GearSet preferred)
  • Strong understanding of Salesforce metadata, sandbox strategy, and Apex test automation
  • Experience integrating Salesforce deployments with Git-based source-of-truth workflow s

Cloud & Infrastructure

  • AWS at depth: IAM, VPC design, KMS, Secrets Manager, GuardDuty , Security Hub, CloudTrail, Config, WAF
  • Docker and container orchestration (ECS, EKS, or Kubernetes) in production
  • Infrastructure as Code: Terraform (preferred) with modular, reusable, policy-checked patterns.
  • CI/CD platforms: GitHub Actions, GitLab CI, Jenkins, or CircleCI

Security Tooling & Practices

  • SAST/DAST/SCA tooling; e.g. Snyk (preferrable) , Checkmarx , SonarQube
  • Container/image scanning , SBOM generation , and p olicy-as-code

Soft Skills

  • Strong communication — you can explain a vulnerability to an executive and a regex to a junior engineer in the same afternoon
  • Pragmatic risk thinker — you know when to block a deploy and when to file a ticket
  • Collaborative; sensitive to "security as a department of no"

Nice to Have

  • Salesforce certifications (Platform Developer I/II)
  • AWS certifications (Solutions Architect Professional, Securi t y Specialty)

This listing was posted by a verified recruiter at CPI Security. Report this listing