DevSecOps Engineer

New Yesterday

Job type: Contract (W2)
Duration: 12 months (scope for extension)
Location: Dallas (hybrid)

The role

We believe that security should be an enabler, not a blocker, which is why we’re building systems that empower developers to move fast and build securely. Our DevSecOps team plays a central role in this mission and we're looking for a DevSecOps Engineer to help us go further. In this role, you will secure our software supply chain, embed AppSec into our CI/CD pipelines and partner with engineering teams to drive smart, secure decisions earlier in the SDLC.

As a DevSecOps Engineer, you will work at the intersection of security and engineering, embedding tools and processes to detect risk early and automate the right responses. This is a hands-on role, focused on driving adoption of modern AppSec tooling, triaging real-world vulnerabilities and creating fast, developer-friendly feedback loops.

Who are we looking for?

The ideal candidate will have the following skills and experience:

- Solid experience securing CI/CD pipelines and integrating AppSec tooling using platforms such as GitLab CI, Jenkins and GitHub Actions
- Working knowledge of SAST, SCA and DAST principles and tuning techniques to improve signal quality
- Familiarity with SBOM standards – such as CycloneDX or SPDX – and how they’re used to improve software transparency
- Experience scripting or building automation in Python, C#, Go or similar
- A strong grasp of container security, for example with Docker or Kubernetes and cloud infrastructure, such as AWS, Azure or GCP
- A collaborative, low-ego approach with strong written and verbal communication skills
- A growth mindset; you're excited to continuously evolve your knowledge and help others do the same

The below are beneficial:

- Experience with secure management and distribution of secrets using tools such as HashiCorp Vault or AWS Secrets Manager
- Operational knowledge of PKI and internal certificate lifecycles
- Secure artefact signing, provenance tracking or build pipeline hardening

Key responsibilities of the role include:

- Embedding and optimising SAST, SCA and DAST tools within CI/CD pipelines to catch issues early
- Triaging and contextualizing security findings, guiding developers toward practical, risk-based fixes
- Building automation and internal tooling to streamline how security results are collected, prioritised and acted upon
- Driving the creation, management and use of Software Bills of Materials (SBOMs) to improve visibility and traceability of dependencies
- Championing SDLC supply chain security, including dependency hygiene, provenance, artefact integrity and secure build environments
- Enabling teams with playbooks, education and tooling that make secure development the default path
- Collaborating cross-functionally with Platform and Product teams to evolve our security posture

Location:
Dallas, Scotland, United Kingdom
Job Type:
FullTime
