Senior DevSecOps Engineer

Who We Are:

Bandwidth, a prior “Best of EC” award winner, is a global software company that helps enterprises deliver exceptional experiences through voice, messaging, and emergency services. Reaching 65+ countries and over 90 percent of the global economy, we're the only provider offering an owned communications cloud that delivers advanced automation, AI integrations, global reach, and premium human support. Bandwidth is trusted for mission-critical communications by the Global 2000, hyperscalers, and SaaS builders!

At Bandwidth, your music matters when you are part of the BAND. We celebrate differences and encourage BANDmates to be their authentic selves. #jointheband

What We Are Looking For:

The Senior DevSecOps Engineer delivers advanced technical expertise to integrate security, automation, and observability across Bandwidth’s software development and infrastructure environments.

This role focuses on executing secure-by-default practices and embedding protection, compliance, and telemetry into CI/CD and cloud operations, enabling faster, more resilient, and more secure delivery pipelines.

Working closely with Security Operations (SecOps), Application Security (AppSec), Governance Risk and Compliance (GRC), Cloud, and Engineering teams, this engineer applies “shift-left” principles to ensure security is built in at every stage of development and deployment.

What You'll Do:

Security tooling integration and automation

• Implement, maintain, and optimize security tooling across build, test, and deploy stages (SAST, DAST, SCA, IaC scanning, supply-chain scanning, CSPM, CWPP, SIEM, SOAR, EDR/XDR).

• Build and maintain automated security testing and compliance validation in CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, ArgoCD, Azure DevOps).

• Develop and support reusable automation frameworks and APIs for vulnerability data exchange, control testing, and alerting.

• Use Infrastructure-as-Code (IaC) and Policy-as-Code (PaC) technologies (Terraform, CloudFormation, OPA, Conftest) to continuously enforce governance and compliance controls.

• Collaborate with the Application Security team on code scanning, vulnerability triage, and secure code‑review automation.

Observability, telemetry, and detection engineering

• Integrate and maintain unified observability solutions, consolidating metrics, traces, and logs across OpenTelemetry, Prometheus, DataDog, AWS CloudWatch, and Sumo Logic.

• Develop and enforce security and performance observability standards for services and environments.

• Collaborate with the SecOps team to link security telemetry with detection rules, correlation logic, and automated response systems.

• Support metrics collection and dashboards to assess observability coverage and detection performance.

Cloud and infrastructure security

• Implement secure configurations and controls across AWS, Azure, and GCP environments using CSPM, CWPP, Zero Trust, and workload‑protection tools.

• Embed visibility and control baselines into multi‑cloud and containerized environments.

• Contribute to automation for compliance and configuration validation using CIS, NIST, and FedRAMP benchmarks.

• Partner with Cloud and Infrastructure teams to ensure cloud security posture meets enterprise standards.

Metrics, reporting, and improvement

• Collect and report DevSecOps metrics related to vulnerability reduction, automation coverage, observability, and compliance.

• Identify opportunities to improve tool integrations, automation pipelines, and detection methods.

• Research and pilot emerging technologies, including AI/ML‑based threat detection, runtime protection, and automated remediation tools.

AI Security

• Support the implementation of Bandwidth’s AI Security Framework to uphold the security, privacy, and ethical use of AI systems.

• Collaborate with Security and Product teams on threat modeling and validation for AI/ML systems, addressing model integrity, prompt injection, data leakage, and bias mitigation.

• Contribute to internal automations for AI model testing, ensuring adherence to information security controls.

Developer Enablement & Collaboration

• Support Security Champion initiatives to promote secure coding awareness, tooling adoption, and security accountability across engineering teams.

• Contribute to secure development training, internal workshops, and tool onboarding sessions.

• Partner with Product and Development teams to design developer‑friendly security integrations balancing usability and compliance.

Other duties and responsibilities:

• Serve as technical liaison between InfoSecOps, Engineering, and Cloud for monitoring, alert correlation, and automated playbooks.

• Automate compliance controls and evidence collection for SOC 2, ISO 27001, HIPAA, and FedRAMP certifications.

• Participate in incident response reviews and develop automation improvements after major events.

What You Need:

Education

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related technical discipline.

• Professional certifications such as CISSP, CISM, CCSP, AWS Security Specialty, or Kubernetes Security Specialist preferred.

Experience

• Minimum 4 years of combined experience in Information Security, Cloud Security, or DevSecOps engineering.

• Hands‑on experience integrating security tooling, automation, and observability in enterprise CI/CD and cloud environments.

• Demonstrated collaboration with SOC, AppSec, and SRE teams to enhance detection, response, and overall security hygiene.

Knowledge and skills

• Proficient in secure SDLC methodologies (OWASP SAMM, BSIMM) and MITRE ATT&CK frameworks.

• Strong automation experience using GitHub Actions, GitLab CI, or Jenkins.

• Skilled in writing IaC to manage platforms and tools

• Skilled in scripting (Python, Go, PowerShell) for security automation and system integration.

• Familiarity with observability stacks (OpenTelemetry, Prometheus, Grafana, Sumo Logic, DataDog).

• Experience with multi‑cloud security, Zero Trust principles, and identity federation (OAuth2, OIDC, SAML).

• Excellent communication, documentation, and cross‑team collaboration skills.

Bonus Points:

• Experience implementing AI/ML‑based anomaly detection and predictive analytics.

• Familiarity with data‑privacy automation (GDPR, CCPA) and confidential computing.

• Background in telecom, SaaS, or other high‑availability architectures.

• Participation in open‑source DevSecOps or observability communities.

• Experience with Redhat OpenShift, Kubernates, AWS

The Whole Person Promise:

At Bandwidth, we’re pretty proud of our corporate culture, which is rooted in our “Whole Person Promise.” We promise all employees that they can have meaningful work AND a full life, and we provide a work environment geared toward enriching your body, mind, and spirit. How do we do that? Well…

• 100% company-paid Medical, Vision, & Dental coverage for you and your family with low deductibles and low out-of-pocket expenses.

• All new hires receive four weeks of PTO.

• PTO Embargo. When you take time off (of any kind!) you’re embargoed from working. Bandmates and managers are not allowed to interrupt your PTO – not even with email.

• Additional PTO can be earned throughout the year through volunteer hours and Bandwidth challenges.

• “Mahalo moments” program grants additional time off for life’s most important moments like graduations, buying a first home, getting married, wedding anniversaries (every five years), and the birth of a grandchild.

• 90-Minute Workout Lunches and unlimited meetings with our very own nutritionist.

Are you excited about the position and its responsibilities, but not sure if you’re 100% qualified? Do you feel you can work to help us crush the mission? If you answered ‘yes’ to both of these questions, we encourage you to apply! You won’t want to miss the opportunity to be a part of the BAND.

Applicant Privacy Notice