← all jobs

[Remote] DevSecOps Engineer – Security Automation & Pipeline Development, 37294688

Work from home Full-time role Hiring

Note: The job is a remote job and is open to candidates in USA. Cypress HCM is seeking a DevSecOps Engineer to enhance security within their AWS EKS Kubernetes environment and CI/CD pipeline in preparation for a FedRAMP High audit. The role involves upgrading vulnerable containers, maintaining security settings, and developing automated patching pipelines while ensuring compliance with security standards.

Responsibilities

  • Upgrade vulnerable containers in collaboration with the DevSecOps team, testing and promoting updates to production
  • Apply cloud hardening and maintain Terraform/Ansible code to enforce security settings across AWS services and Kubernetes nodes per STIG and CIS benchmarks
  • Design and maintain automated container patching pipelines including base image refresh, rebuild triggers, and automated PR generation
  • Build and maintain vulnerability scanning workflows using Grype and/or Trivy as pipeline gates blocking promotion of images exceeding CVE thresholds
  • Build and manage Argo Workflows orchestrating end-to-end patch automation from scanning through remediation, rebuild, and deployment
  • Write Python-based tooling supporting pipeline logic, scan result parsing, notification routing, and patch orchestration
  • Own GitHub-based development workflow: branch strategy, PR creation/review, code quality standards, and merge gate enforcement
  • Conduct code reviews ensuring changes meet security, quality, and operational standards before production promotion
  • Maintain production readiness practices including testing, peer review, rollback procedures, and deployment validation
  • Analyze Kubernetes IAM configurations and RBAC policies to identify overprivileged roles, misconfigurations, and deviations from least-privilege principles
  • Review and harden Kubernetes network setup and segmentation including network policies, namespace isolation, and inter-service communication controls
  • Audit certificate usage across the cluster and pipeline, ensuring proper issuance, validity, and automated rotation; verify secrets are rotated on schedule and not hardcoded or overexposed
  • Scan codebases, repos, and infrastructure configs for exposed secrets using open source tools such as Hedgehog and equivalent secret detection utilities
  • Scan S3 buckets for exposed secrets and sensitive data, remediating findings and implementing preventive controls
  • Review network, WAF, and Istio logs to map existing traffic flows and service communication patterns in preparation for network segmentation and a deny-by-default lockdown posture
  • Develop automations for WAF rule creation and tuning based on observed traffic patterns and threat intelligence
  • Leverage Claude to accelerate security research, organize remediation plans, and develop Python-based tooling for non-production-impacting automation and analysis tasks

Skills

  • Deep familiarity with container technology and security
  • Upgrade vulnerable containers in collaboration with the DevSecOps team, testing and promoting updates to production
  • Apply cloud hardening and maintain Terraform/Ansible code to enforce security settings across AWS services and Kubernetes nodes per STIG and CIS benchmarks
  • Design and maintain automated container patching pipelines including base image refresh, rebuild triggers, and automated PR generation
  • Build and maintain vulnerability scanning workflows using Grype and/or Trivy as pipeline gates blocking promotion of images exceeding CVE thresholds
  • Build and manage Argo Workflows orchestrating end-to-end patch automation from scanning through remediation, rebuild, and deployment
  • Write Python-based tooling supporting pipeline logic, scan result parsing, notification routing, and patch orchestration
  • Own GitHub-based development workflow: branch strategy, PR creation/review, code quality standards, and merge gate enforcement
  • Conduct code reviews ensuring changes meet security, quality, and operational standards before production promotion
  • Maintain production readiness practices including testing, peer review, rollback procedures, and deployment validation
  • Analyze Kubernetes IAM configurations and RBAC policies to identify overprivileged roles, misconfigurations, and deviations from least-privilege principles
  • Review and harden Kubernetes network setup and segmentation including network policies, namespace isolation, and inter-service communication controls
  • Audit certificate usage across the cluster and pipeline, ensuring proper issuance, validity, and automated rotation; verify secrets are rotated on schedule and not hardcoded or overexposed
  • Scan codebases, repos, and infrastructure configs for exposed secrets using open source tools such as Hedgehog and equivalent secret detection utilities
  • Scan S3 buckets for exposed secrets and sensitive data, remediating findings and implementing preventive controls
  • Review network, WAF, and Istio logs to map existing traffic flows and service communication patterns in preparation for network segmentation and a deny-by-default lockdown posture
  • Develop automations for WAF rule creation and tuning based on observed traffic patterns and threat intelligence
  • Leverage Claude to accelerate security research, organize remediation plans, and develop Python-based tooling for non-production-impacting automation and analysis tasks
  • AWS EKS
  • Kubernetes
  • Terraform
  • Ansible
  • ArgoCD
  • Argo Workflows
  • GitLab
  • GitHub
  • FedRAMP
  • STIG
  • CIS Benchmarks
  • RBAC
  • IAM
  • Okta/OIDC
  • SAML
  • WAF
  • Istio
  • Network Segmentation
  • Certificate Management
  • Secrets Rotation
  • Least Privilege
  • Grype
  • Anchore
  • Hedgehog
  • S3 Scanning
  • Vulnerability Scanning
  • Secrets Detection
  • Python
  • CI/CD Pipelines
  • Code Review
  • PR Management
  • Patch Automation
  • Claude
  • AI-Assisted Coding

Company Overview

  • Cypress HCM is a staffing and recruiting company providing technology and creative recruiting solutions. It was founded in 2005, and is headquartered in Walnut Creek, California, USA, with a workforce of 51-200 employees. Its website is http://cypresshcm.com.
  • More open positions

    [Remote] Senior Brand Content Lead - Healthcare

    Work from home Full-time role

    [Remote] Social Media Manager - Content Specialist

    Work from home Full-time role

    [Remote] Systems Administrator, Customer Service Platform, 3086-1

    Work from home Full-time role

    [Remote] EA-Senior Software Engineer

    Work from home Full-time role

    [Remote] Product Designer

    Work from home Full-time role

    Insurance Sales Agents

    Work from home Full-time role

    Incident and Escalation Manager

    Work from home Full-time role

    Remote Registered Dietitian

    Work from home Full-time role

    Remote Full time and Part time Call Center Agent

    Work from home Full-time role

    Inside Property Claims Adjuster (Remote)

    Work from home Full-time role

    Entry Level - Account Executive - B2B

    Work from home Full-time role

    Senior Data & Insights Engineer

    Work from home Full-time role

    RN Clinical Scholar / Educator PRN Nights Littleton

    Work from home Full-time role

    Telehealth Veterinary Technician - Full Time

    Work from home Full-time role

    Chief of Staff/Executive Assistant - Freelance, Remote

    Work from home Full-time role

    Experienced Data Entry Associate – Remote Opportunity at careerzynith

    Work from home Full-time role

    Sr. Outbound Sales Representative (Remote/Eastern Time)

    Work from home Full-time role

    Technical Consultant Principal (Cloud Architect) (m/f/d)

    Work from home Full-time role

    Field Service Engineer - Daily Field Travel – Buffalo, NY Territory (necessity to reside within 60 minutes of Buffalo or ability to relocate)

    Work from home Full-time role

    Employee Services (HR) Generalist

    Work from home Full-time role

    Kansas Virtual OT Job Full & Part-Time Available

    Work from home Full-time role