[Remote] DevSecOps Engineer – Security Automation & Pipeline Development (Remote)
Note: The job is a remote job and is open to candidates in USA. Stage 4 Solutions is a global B2B high-tech company seeking a DevSecOps Engineer for Security Automation & Pipeline Development. The role involves upgrading vulnerable containers, applying cloud hardening, maintaining Terraform/Ansible code, and designing automated container patching pipelines.

Responsibilities
- Upgrade vulnerable containers in collaboration with the DevSecOps team, testing and promoting updates to production
- Apply cloud hardening and maintain Terraform/Ansible code to enforce security settings across AWS services and Kubernetes nodes per STIG and CIS benchmarks
- Design and maintain automated container patching pipelines, including base image refresh, rebuild triggers, and automated PR generation
- Build and maintain vulnerability scanning workflows using Grype and/or Trivy as pipeline gates blocking promotion of images exceeding CVE thresholds
- Build and manage Argo Workflows orchestrating end-to-end patch automation from scanning through remediation, rebuild, and deployment
- Write Python-based tooling supporting pipeline logic, scan result parsing, notification routing, and patch orchestration
- Own the GitHub-based development workflow: branch strategy, PR creation/review, code quality standards, and merge gate enforcement
- Conduct code reviews, ensuring changes meet security, quality, and operational standards before production promotion
- Maintain production readiness practices, including testing, peer review, rollback procedures, and deployment validation
- Analyze Kubernetes IAM configurations and RBAC policies to identify overprivileged roles, misconfigurations, and deviations from least-privilege principles
- Review and harden Kubernetes network setup and segmentation, including network policies, namespace isolation, and inter-service communication controls
- Audit certificate usage across the cluster and pipeline, ensuring proper issuance, validity, and automated rotation; verify secrets are rotated on schedule and not hardcoded or overexposed
- Scan codebases, repos, and infrastructure configs for exposed secrets using open source tools such as Hedgehog and equivalent secret detection utilities
- Scan S3 buckets for exposed secrets and sensitive data, remediating findings and implementing preventive controls
- Review network, WAF, and Istio logs to map existing traffic flows and service communication patterns in preparation for network segmentation and a deny-by-default lockdown posture
- Develop automations for WAF rule creation and tuning based on observed traffic patterns and threat intelligence
- Leverage Claude to accelerate security research, organize remediation plans, and develop Python-based tooling for non-production-impacting automation and analysis tasks

Skills
- Core Platform & Cloud: AWS EKS, Kubernetes, Terraform, Ansible, ArgoCD, Argo Workflows, GitLab, GitHub
- Security & Compliance: FedRAMP, STIG, CIS Benchmarks, RBAC, IAM, Okta/OIDC, SAML, WAF, Istio, Network Segmentation, Certificate Management, Secrets Rotation, Least Privilege
- Scanning & Tooling: Grype, Anchore, Hedgehog, S3 Scanning, Vulnerability Scanning, Secrets Detection
- Development: Python, CI/CD Pipelines, Code Review, PR Management, Patch Automation
- AI: Claude, AI-Assisted Coding
- Bachelor's degree

Benefits
Health benefits and 401K are offered. This is a W2 employee position with Stage 4 Solutions.

Company Overview
Stage 4 Solutions is a management consulting firm that provides marketing solutions services. It was founded in 2001 and is headquartered in Saratoga, California, USA, with a workforce of 51-200 employees. Its website is https://www.stage4solutions.com.