Security Engineer - DevSecOps

About The Opportunity We are seeking a About The Opportunity We are seeking a Security Engineer - DevSecOps contractor to support our Product Development teams by maintaining robust security practices and ensuring SOC 2 compliance. This role is key to improving operational efficiency by proactively addressing vulnerabilities, managing infrastructure maintenance, and enhancing internal processes. You will collaborate closely with Engineering, Platform, and InfoSec teams to monitor systems, manage vulnerabilities, maintain infrastructure, and contribute to automation efforts through infrastructure-as-code. Responsibilities Partner with InfoSec, Platform, and Engineering teams to ensure a strategic security vision is embedded into products and codebases. Vulnerability Management: Triage and review vulnerability and penetration test reports (Tenable, Dependabot, AWS tools). Identify false positives, prioritize issues, and create actionable Jira tickets. Ensure timely remediation in line with SLAs and SOC 2 requirements. Implement code changes when needed to address vulnerabilities. Security Monitoring & Alerting: Maintain and improve AWS alerting pipelines (GuardDuty, Inspector, Config). Monitor, route, and resolve alerts in collaboration with Engineering teams. Enhance observability and logging infrastructure. Software & Infrastructure Maintenance: Perform monthly patching and upgrades for AWS Lambda runtimes, ECS services, VMs, and containers. Coordinate and execute annual backup restoration tests. Manage Dependabot alerts and CVE-driven updates. Infrastructure-as-Code: Maintain and enhance Terraform modules related to security and compliance. Required Qualifications 3 years of experience in DevSecOps, infrastructure security, or similar roles. Strong understanding of AWS services (Lambda, ECS, EC2). Hands-on experience with Terraform for infrastructure-as-code. Skilled in vulnerability triage, patch cycle management, and interpreting scan reports. Able to work independently and own recurring operational responsibilities. Comfortable in an agile product development environment. Experience with Go, Bash, and/or JavaScript/TypeScript for code reviews and patching. Nice To Have Skills Familiarity with SOC 2 compliance and related operational practices. Experience with security tools such as Tenable, AWS GuardDuty, Inspector, and AWS Config. Knowledge of CI/CD tools (e.g., GitHub Actions). Exposure to project tracking tools like Jira. Security certifications (CISSP, CSSLP, CEH, AWS Certified Security Engineer, GCP Professional Cloud Security Engineer). Deep understanding of application and cloud security, emerging threats, vulnerabilities, and best practices. Strong grasp of web application security principles, OWASP Top 10, and secure coding practices. Seniority level Seniority level Mid-Senior level Employment type Employment type Full-time Job function Job function Information Technology Industries IT Services and IT Consulting Referrals increase your chances of interviewing at Avenue Code by 2x Sign in to set job alerts for “Security Engineer” roles. [Security] Sr Security Engineer - AppSec Software Engineer Pleno (Node - Marketplace) [Security] Security Engineer Senior - Perimetro Senior Security Governance and Risk Consultant Senior Software Engineer - Authentication ( Java / C#) Security Engineer - Remote Work | REF150810 We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI. J-18808-Ljbffr

Location: Brazil, BR

Posted Date: 9/17/2025