Posted at: 1 December

Sr. DevSecOps Engineer

Company

NTD software

NTD Software is a Guadalajara-based custom software development and AI solutions provider, operating in the IT and digital transformation sectors with a global B2B and B2C focus.

Remote Hiring Policy:

NTD Software supports remote work and hires from various locations, particularly for technical roles, with a primary focus on candidates based in Mexico.

Job Type

Full-time

Allowed Applicant Locations

Mexico

Apply Here

Job Description

As a DevSecOps Engineer, the focus is on strengthening application security and
embedding modern DevSecOps practices across the development lifecycle. The role involves identifying and remediating application vulnerabilities, integrating security into every stage of the SDLC, and ensuring that robust security controls are implemented and maintained in CI/CD pipelines.

Day-to-day responsibilities include designing and automating security controls, performing secure code and pipeline reviews, monitoring vulnerabilities, and collaborating with development and operations teams to drive “security by design.” By doing so, this role adds direct value to the Technology Department, working closely with all tribes to reduce risk exposure, enable faster and more secure software delivery, and foster a culture where security becomes a natural part of innovation and growth.

Responsibilities:

    • Identify, assess, and remediate application security vulnerabilities across web, API, and cloud environments.
    • Integrate and maintain security controls in CI/CD pipelines (e.g., SAST, DAST, SCA, container scanning, IaC security).
    • Collaborate with development and operation teams to embed secure coding practices and ensure “shift-left” security.
    • Conduct and support secure code reviews, threat modeling, and application risk assessments.
    • Develop automation and scripts to enforce security checks in the pipeline.
    • Monitor, triage, and remediate findings from application security tools.
    • Stay current with industry trends, frameworks, and emerging threats (OWASP, MITRE ATT&CK, NIST).
    • Contribute to security guidelines, standards, and training for developers.

Requirements:

    • Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or equivalent experience.
    • Proven experience in DevSecOps, Application Security, or Secure Software Development(3+ years).
    • Good programming skills in programming languages such as PHP, JavaScript, Python, or Java.
    • Hands-on experience with CI/CD tools(GitHub Actions, GitLab CI/CD, Jenkins, CircleCI, etc.).
    • Practical experience with SAST, DAST, SCA, IAST, and related security tooling.
    • Understanding of cloud security practices.
    • Familiarity with container security (Docker, Kubernetes).
    • Strong knowledge of OWASP Top 10, secure coding principles, and common attack vectors.
    • Ability to communicate security requirements effectively to developers and stakeholders

Bonus Skills:

    • Experience performing penetration testing or code-level security assessments.
    • Certifications such as eJPT, OSWE, OSCP, CSSLP, or GIAC GWAPT/GPCS.
    • Experience with Infrastructure as Code (Terraform, CloudFormation) security best practices.
    • Experience implementing Zero Trust principles in pipelines.
    • Knowledge of Clojure
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
Apply Here