DevSecOps Engineer

Position Summary :     CPI is  looking for a  DevSecOps  Engineer  to join our  application  engineering team .    This is not a traditional DevOps role .   T his  role must recognize and  imbed   security  a cross the entire  application  delivery lifecycle .   This teammate d riv es  efficiency into the engineering team’s  work , while e mbedding controls, automation, and threat-aware thinking into every pipeline, deployment, and platform.   You'll  work at the intersection of Salesforce delivery, cloud infrastructure, and application security, partnering with  engineers  and security team mate s to ship faster and safer.   Key Responsibilities :     Manage  release engineering ,  branching strategies, automated deployments, metadata diffing, sandbox seeding, and rollback playbooks  ( Salesforce / GearSet  are currently core applications)   Design and  operate  secure CI/CD pipelines and cloud-native  services   ( Salesforce,  AWS , Snowflake)   Work in conjunction with other IT teammates to  identify  and resolve technical  pipeline  issues and escalate items while  retaining  ownership   Embed automated security gates  ( SAST, DAST, SCA,  IaC  scanning ) , container image scanning,  and  secrets detection directly into developer workflows   Support and extend  AI and  Snyk  code  quality   gates   Architect and  maintain  AWS infrastructure  IaC  ( Terraform ) , with security baselines enforced via policy-as-code   Containerize workloads with Docker, orchestrate via ECS/EKS  (or AKS) , and harden images against CVEs and supply-chain attacks (SBOMs, signing, provenance)   Partner with security  team  for pipeline incident response and infrastructure security events and postmortems   Continuously evaluate tool alerts and reduce alert fatigue through tuning and automation   Support and troubleshoot all pipeline &  IaC  tools to ensure engineering adoption   Contribute to scrum ceremonies as a technical voice on delivery, release readiness, and risk   Core Experience   10+ years of professional software development experience across one or more of: Java,  .N ET/C# ,  Python,  Node.js, or Apex   5+ years in a DevOps, SRE, or Platform Engineering role, with at least the last 2 years explicitly focused on  DevSecOps  practices   Demonstrated history of owning production systems end-to-end  ( design, deployment, monitoring, and incident response )   Independent problem  solver  able to investigate,  identify , evaluate, and drive practical solutions   Salesforce Delivery   Hands-on experience for Salesforce CI/CD: pipeline configuration, automated testing, problem analysis, and unit test coverage enforcement  ( GearSet   preferred)   Strong understanding of Salesforce metadata, sandbox strategy, and Apex test automation   Experience integrating Salesforce deployments with Git-based source-of-truth workflow s   Cloud & Infrastructure   AWS at depth: IAM, VPC design, KMS, Secrets Manager,  GuardDuty , Security Hub, CloudTrail, Config, WAF   Docker and container orchestration (ECS, EKS, or Kubernetes) in production   Infrastructure as Code: Terraform (preferred) with modular, reusable, policy-checked patterns.   CI/CD platforms: GitHub Actions, GitLab CI, Jenkins, or  CircleCI   Security Tooling & Practices   SAST/DAST/SCA  tooling;   e.g.   Snyk  (preferrable) ,  Checkmarx , SonarQube   Container/image scanning ,  SBOM generation , and p olicy-as-code   Soft Skills   Strong communication  — you can explain a vulnerability to an executive and a regex to a junior engineer in the same afternoon   Pragmatic risk thinker — you know when to block a deploy and when to file a ticket   Collaborative;  sensitive  to "security as a department of no"   Nice to Have   Salesforce certifications (Platform Developer I/II)   AWS certifications (Solutions Architect Professional, Securi t y Specialty)