Senior DevSecOps Engineer

2 weeks ago

Boston, MA, United States Starburst Full time
About Starburst

Starburst is the data platform for analytics, applications, and AI, unifying data across clouds and on-premises to accelerate AI innovation. Organizations-from startups to Fortune 500 enterprises in 60+ countries-rely on Starburst for fast data access, seamless collaboration, and enterprise-grade governance on an open hybrid data lakehouse. Wherever data lives, Starburst unlocks its full potential, powering data and AI from development to deployment. By future-proofing data architecture, Starburst helps businesses fuel innovation with AI.

About the Role:

As a Senior DevSecOps Engineer, you will be a key player in integrating security practices throughout the software development lifecycle. You will lead initiatives to design, implement, and automate security controls, ensuring the secure development and deployment of applications. This role requires a strong understanding of security principles, DevOps methodologies, and cloud environments, with a focus on continuous improvement and risk mitigation. You will collaborate closely with development, operations, and security teams, and mentor junior engineers to foster a culture of security.

Responsibilities:
  • Integrate security into the CI/CD pipeline, automating security controls and embedding security throughout the development lifecycle.
  • Support, and maintain Application Security Testing (AST) tools (SAST, DAST, IAST, SCA) to identify code and dependency vulnerabilities.
  • Conduct security assessments, vulnerability analysis, and penetration testing to identify and mitigate security risks.
  • Develop and maintain secure infrastructure as code (IaC) scripts using tools like Pulumi, Terraform, or CloudFormation.
  • Implement and manage security tools and technologies such as SIEMs, IDS/IPS, firewalls, and endpoint protection.
  • Monitor and respond to security incidents, performing root cause analysis and implementing corrective measures.
  • Educate and train development and operations teams on secure coding practices and security tooling.
  • Stay up to date with the latest security threats, trends, and technologies, and proactively address potential risks.
  • Create and maintain documentation related to security policies, procedures, and standards.
  • Participate in security audits and compliance initiatives to ensure adherence to industry regulations and standards.
  • Provide thorough unit testing and automated testing to ensure a quality product is delivered.
  • Improve, enhance, and support existing operations.
  • Design, build, install, configure, and support production deployments.
  • Manage the work of teams implementing DevOps solutions in complex projects.
Minimum Qualifications:
  • Bachelor's degree in Engineering, Computer Science, Management Information Systems, or a related study, or equivalent experience.
  • Minimum of 5+ years of professional experience in DevOps, security engineering, or a related field.
  • Strong understanding of security principles and best practices, including threat modeling, risk assessment, and vulnerability management.
  • Proficiency with DevOps tools and practices, including CI/CD pipelines, containerization (Docker, Kubernetes), and version control systems (Git).
  • Solid understanding of cloud security concepts and experience with cloud platforms (AWS, Azure, Google Cloud).
  • Strong scripting and automation skills using languages such as Python, Bash, or PowerShell.
  • Experience with security tools such as OWASP ZAP, Burp Suite, Nessus, Metasploit, or similar.
  • Experience in development with shell scripting such as Python, GoLang, etc..
  • Expertise in the Linux operating system.
  • Must be able to demonstrate innovation in problem-solving.
  • Clear communication with team members and product owners.
  • Ability to effectively communicate technical findings to both technical and non-technical stakeholders.
  • Must follow and support agile methodologies and practices by actively participating in all SCRUM ceremonies.
  • Must adhere to and develop best practices in software engineering.
Preferred Qualifications:
  • Experience integrating Cloud Security Posture Management (CSPM) tooling with application security pipelines.
  • Experience with Kubernetes security and best practices.
  • Experience collaborating with vulnerability and risk management partners to interface with risk management and acceptance processes.
  • Experience developing and/or deploying training for software engineers around DevSecOps tooling, secure development standards, and application security fundamentals.
  • Ability to Travel: This role will require occasional in-person travel for purposes including but not limited to new hire onboarding, team and department offsites, customer engagements, and other company events. Actual travel expectations may vary by role and business needs.

Where could this role be based?

This role is based in our Boston office and follows a hybrid model, with an expectation of being onsite 1-2 days per week.

Starburst is dedicated to maintaining fair and equitable compensation practices. The salary range provided for this role reflects the minimum and maximum targets for candidates across all U.S. locations and could be inclusive of variable compensation, such as commission or bonus. All employees receive equity packages (ISOs) and have access to a comprehensive benefits offering. Actual compensation packages are determined based on relevant skills, experience, education and training, and specific work location. For more information, connect with the recruiting team or Hiring Manager during the process as they can provide more detailed information about the salary range.

Pay Range

$180,000-$220,000 USD

Build your career at Starburst

All-Stars have the opportunity and freedom to realize their true potential. By building alongside top talent, we're empowered to take ownership of our careers and drive meaningful change. Anchored in industry-proven technology and unprecedented success, All-Stars are taking on the challenge everyday to disrupt our industry - and the future.

Our global workforce is supported by a competitive Total Rewards program that reflects our commitment to a rewarding and supportive work environment. This includes a variety of benefits like competitive pay, attractive stock grants, flexible paid time off, and more.

We are committed to fostering an intentional, inclusive, and diverse culture that drives deep engagement, authentic belonging, and an exceptional All-Star experience. We believe that diversity of thought, perspective, background and experience will enable us to own what we do, drive our success and empower our All-Stars to show up authentically.

Starburst provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state
or local laws.

  • Azure DevSecOps Engineer

    4 days ago

    Boston, MA, United States SMX Corporation Full time

    Azure DevSecOps Engineer (Secret) (4594)at SMX(View all jobs) (https://www.smxtech.com/careers/) Boston, MA; Colorado Springs, CO; Tampa, FL; Washington, DC SMX is seeking an Azure DevSecOps Engineer supporting the design and implementation of secure, scalable multi-cloud infrastructure, applications, and services in support of enterprise cloud migration and...

  • Software Engineer-DevSecOps

    1 week ago

    Boston, MA, United States Innova Solutions Full time

    A client of Innova Solutions is immediately hiring for an Software Engineer- DevSecOps in Cambridge, MAPosition type: Full-time, Contract Duration :12 Months Location: (Cambridge, MA) As a(n) Software Engineer- DevSecOps you will:Position Responsibilities: • Oversees development, documentation and maintenance of standardized, efficient, and innovative...

  • Software Engineer-DevSecOps

    2 days ago

    Boston, MA, United States Innova Solutions Full time

    A client of Innova Solutions is immediately hiring for an Software Engineer- DevSecOps in Cambridge, MAPosition type: Full-time, Contract Duration :12 Months Location: (Cambridge, MA) As a(n) Software Engineer- DevSecOps you will:Position Responsibilities: • Oversees development, documentation and maintenance of standardized, efficient, and innovative...

  • Software Engineer-DevSecOps

    6 days ago

    Boston, MA, United States Innova Solutions Full time

    A client of Innova Solutions is immediately hiring for an Software Engineer- DevSecOps in Cambridge, MAPosition type: Full-time, Contract Duration :12 Months Location: (Cambridge, MA) As a(n) Software Engineer- DevSecOps you will:Position Responsibilities: • Oversees development, documentation and maintenance of standardized, efficient, and innovative...

  • Software Engineer-DevSecOps

    6 days ago

    Boston, MA, United States Innova Solutions Full time

    A client of Innova Solutions is immediately hiring for an Software Engineer- DevSecOps in Cambridge, MAPosition type: Full-time, Contract Duration :12 Months Location: (Cambridge, MA) As a(n) Software Engineer- DevSecOps you will:Position Responsibilities: • Oversees development, documentation and maintenance of standardized, efficient, and innovative...

  • Oliver Wyman

    7 days ago

    Boston, MA, United States Marsh & McLennan Companies Full time

    Company: Oliver Wyman Description: United States - Boston, New York, Toronto, Hybrid Possible Lead DevSecOps Engineer ____ WHO WE ARE Oliver Wyman Digital is a ground-breaking division within Oliver Wyman delivering world-class solutions to give our clients a competitive edge. We work across the full technology stack from databases and analytics to APIs and...

  • Oliver Wyman

    6 days ago

    Boston, MA, United States Marsh & McLennan Companies Full time

    Company: Oliver Wyman Description: United States - Boston, New York, Toronto, Hybrid Possible Lead DevSecOps Engineer ____ WHO WE ARE Oliver Wyman Digital is a ground-breaking division within Oliver Wyman delivering world-class solutions to give our clients a competitive edge. We work across the full technology stack from databases and analytics to APIs and...

  • Software Engineer-DevSecOps 5

    2 days ago

    Boston, MA, United States The Judge Group Full time

    Our client is currently seeking a Software Engineer-DevSecOps 5 • Oversees development, documentation and maintenance of standardized, efficient, and innovative processes, tools, methodologies, and performance metrics to streamline the software engineering lifecycle and enable continuous integration, delivery, and deployment of safety critical software....

  • Software Engineer-DevSecOps 5

    6 days ago

    Boston, MA, United States The Judge Group Full time

    Our client is currently seeking a Software Engineer-DevSecOps 5 • Oversees development, documentation and maintenance of standardized, efficient, and innovative processes, tools, methodologies, and performance metrics to streamline the software engineering lifecycle and enable continuous integration, delivery, and deployment of safety critical software....

  • Software Engineer-DevSecOps 5

    6 days ago

    Boston, MA, United States The Judge Group Full time

    Our client is currently seeking a Software Engineer-DevSecOps 5 • Oversees development, documentation and maintenance of standardized, efficient, and innovative processes, tools, methodologies, and performance metrics to streamline the software engineering lifecycle and enable continuous integration, delivery, and deployment of safety critical software....