DevSecOps Engineer

Location: Alpharetta, Georgia, USA

Time Type: Full time

Job Description

Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services.  Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results.  We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions.  Join our dynamic team and make your mark on the payments technology landscape of tomorrow. 

***At this time, we are unable to offer visa sponsorship for this position.
Candidates must be legally authorized to work for any employer in the United
States on a full-time basis without the need for current or future immigration
sponsorship.***

SUMMARY OF THIS ROLE

Combines software development, IT operations, and security practices to deliver
a secure and compliant cloud environment. Responsible for implementing and
maintaining GCP security guardrails, integrating security into CI/CD pipelines,
and managing cloud security posture through tooling and automation. Works closely
with engineering and security teams to ensure cloud infrastructure meets
organizational security standards throughout the software delivery lifecycle.

WHAT PART WILL YOU PLAY?

- Design, implement, and maintain GCP security guardrails, policies, and
  organizational controls to enforce security standards across cloud environments.
- Manage and continuously improve GCP Security Command Center configurations
  to identify, prioritize, and remediate security risks.
- Operate and administer Wiz to monitor cloud security posture, triage findings,
  and drive remediation efforts across GCP workloads.
- Integrate security controls and automated scanning into CI/CD pipelines to
  enforce secure development practices and prevent vulnerable code from reaching
  production.
- Build and maintain security-focused Infrastructure as Code using Terraform to
  provision and enforce compliant GCP resources.
- Develop and enforce GCP organization policies, IAM controls, VPC Service
  Controls, and network security configurations.
- Identify and remediate misconfigured cloud resources, excessive permissions,
  and policy violations across GCP projects.
- Collaborate with DevOps and engineering teams to embed security best practices
  into development workflows and deployment processes.
- Automate security compliance checks and reporting to provide visibility into the
  organization's security posture for stakeholders and leadership.
- Aid in designing cost-optimization strategies for cloud security infrastructure
  without compromising coverage or controls.
- Participate in the hiring and interview process for the department.

WHAT ARE WE LOOKING FOR IN THIS ROLE?

Minimum Qualifications

- Bachelor degree or equivalent experience in a technical discipline.
- 5+ years of experience in DevOps, cloud security, or a related technical field.

Preferred Qualifications

- 5+ years of hands-on experience with GCP, including IAM, VPC, Security Command
  Center, and organization policies.
- Experience implementing and managing cloud security posture tools such as Wiz
  or similar platforms.
- Experience developing Infrastructure as Code with Terraform in GCP.
- Demonstrated experience securing CI/CD pipelines in Jenkins, GitHub Actions,
  or similar tooling.
- Familiarity with GCP guardrails including org policies, VPC Service Controls,
  and resource hierarchy security.
- Experience with container security and Kubernetes workload hardening.
- Working experience with firewalls, proxies, and network security controls in
  cloud environments.
- Experience scripting in Bash, Python, or similar languages to automate security
  tasks.
- Familiarity with GitOps practices and tools such as ArgoCD or similar.
- Experience with monitoring and observability tools including Grafana or similar.
- Understanding of DevSecOps principles and secure software development lifecycle
  (SSDLC) practices.
- Google Cloud security certifications (e.g., Professional Cloud Security
  Engineer) a plus.

WHAT ARE OUR DESIRED SKILLS AND CAPABILITIES?

- Skills / Knowledge: Solid working knowledge of GCP security services and cloud
  security best practices. Applies skills to solve complex security challenges and
  contribute to a more secure cloud environment.

- Job Complexity: Works on moderately complex security issues that require analysis
  of cloud configurations, risk data, and tool findings. Exercises sound judgment
  in determining remediation priorities and escalation paths.

- Supervision: Works with general direction and some independence. Collaborates
  effectively with peers and cross-functional teams to deliver results.

BENEFITS

Global Payments offers a comprehensive benefits package to all of our team
members, including medical, dental and vision care, EAP programs, paid time off,
recognition programs, retirement and investment options, charitable gift matching
programs, and worldwide days of service. To learn more, visit:
https://jobs.globalpayments.com/en/why-global-payments/benefits/

--------------------------------------------------------------------------------

Global Payments Inc. is an equal opportunity employer. Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. If you wish to request reasonable accommodations related to applying for employment or provide feedback about the accessibility of this website, please contact [email protected].