What You'll Do:
- Design and implement security controls and tools within CI/CD pipelines to protect against threats and vulnerabilities.
- Conduct security assessments, code reviews, and penetration testing on applications and infrastructure deployed through CI/CD workflows.
- Integrate security tools (e.g., SAST, DAST, dependency scanning) into CI/CD systems such as Jenkins, GitLab CI/CD, GitHub Actions, or CircleCI.
- Collaborate with DevOps teams to automate security checks and ensure secure configuration of build and deployment environments.
- Monitor and respond to security incidents related to CI/CD processes, including artifact integrity and pipeline tampering.
- Develop and maintain documentation for secure CI/CD practices, policies, and procedures.
- Stay up-to-date with emerging threats, vulnerabilities, and security technologies relevant to CI/CD and cloud-native environments.
- Educate and train development teams on secure coding practices and CI/CD security principles.
- Ensure compliance with regulatory standards (e.g., SOC 2, ISO 27001) in the software delivery lifecycle.
What You Have:
- 3+ years of experience in security engineering, DevSecOps, or a related role.
- Hands-on experience securing CI/CD pipelines using tools like Jenkins, GitLab CI/CD, GitHub Actions, or similar platforms.
- Proficiency with security tools such as SonarCloud and GitHub Security.
- Strong understanding of software development lifecycle (SDLC) and DevOps practices.
- Familiarity with containerization and orchestration technologies (e.g., Docker, Kubernetes) and their security implications.
- Knowledge of cloud platforms (e.g., AWS) and their security configurations.
- Experience with scripting languages (e.g., Python, Bash) for automation and tool integration.
- Excellent problem-solving skills and attention to detail.
Extras You Bring:
- Experience with Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation.
- Familiarity with secrets management tools (e.g., HashiCorp Vault, AWS Secrets Manager).
- Understanding of zero-trust security models and their application in CI/CD.
- Strong communication skills to collaborate across technical and non-technical teams.
- Ability to prioritize and manage multiple tasks in a fast-paced environment.
- Proactive mindset with a focus on identifying and mitigating risks early in the development process.
Why Join Polly?
- We are attacking a trillion-dollar market with gross inefficiencies and seeking to transform the way an entire industry operates
- You will have an impact on the design, architecture and implementation of markets that are often called the engine of the US economy
- We value drive for excellence, independent thinking, teamwork and curiosity
- You will work with both government-backed and industry-leading companies to create a digital pipeline that facilitates real-time trading of loans
- We have an experienced leadership team that previously built large and impactful platforms
- Outstanding opportunity for professional growth and upward mobility
- Direct engagement with the decision makers and senior business leaders
- Competitive salaries
- 100% paid medical/vision/dental/disability/life insurance
- Unlimited PTO
- Hybrid environment; 3x weekly in an innovation hub in San Francisco or Dallas