

DevSecOps Engineer
Location: Remote
Q-Free is the prime mover in innovative, safe, and sustainable transportation management. We work to do two things: improve mobility and make the world better by improving traffic flow, road safety, and air quality in communities all over the world.
As a member of the DevOps team, the DevSecOps Engineer will integrate security practices into development and operations processes to ensure that application development is secure while maintaining an efficient and fast-paced development lifecycle. As security becomes increasingly critical in today’s digital landscape, the DevSecOps Engineer plays a vital role in protecting customer data and helping our organization maintain a competitive edge. The ideal candidate is a self-starter with knowledge of best security practices and principles, and can work collaboratively in a fast-paced environment.
Responsibilities
- Maintain and update third-party dependencies, libraries, and container images to reduce security risks.
- Generate, manage, and maintain SBOMs to provide visibility into open-source and third-party components.
- Continuously monitor and track vulnerabilities across code, infrastructure, dependencies, and third-party components.
- Integrate and manage security tools (e.g., SAST, DAST, SCA, container scanning, SBOM tools) within CI/CD pipelines.
- Automate security testing, SBOM generation, and vulnerability reporting to enable rapid feedback for development teams.
- Collaborate with development and operations teams to enforce secure coding and deployment practices.
- Establish baselines for security metrics, provide visibility into risks, and recommend remediation strategies.
- Support compliance and audit requirements by ensuring proper logging, monitoring, SBOM documentation, and vulnerability reporting.
- Research emerging threats and best practices and propose improvements to our DevSecOps framework.
- Coordinate branching strategies and release management, including creation and deployment of hotfix versions when critical issues are identified.
- Develop and enforce security policies by helping create guidelines that all team members must follow to keep the company’s data and systems safe.
- Respond to security incidents when a cybersecurity breach occurs: help coordinate the response, work to resolve the issue, and minimize damage.
- Collaborate with development, operations, and InfoSec teams to ensure secure coding practices.
- Conduct security assessments and audits to identify vulnerabilities within the application and infrastructure.
Qualifications
- 3+ years of experience in DevOps, Cloud Engineering, and Application Security.
- Strong background in Information Technology
- Strong communication and collaboration skills
- Hands-on experience with software development, security practices, and IT operations
- Knowledge of the best security practices and principles
- Knowledge of security frameworks and standards (OWASP, NIST, CIS Benchmarks)
- Ability to work collaboratively in a fast-paced environment
- Certifications such as Certified Information Systems Security Professional (CISSP), Certified DevSecOps Professional (CDP), Certified Secure Software Lifecycle Professional (CSSLP), etc.
- Proficiency in programming languages like Python, Java, JavaScript, Bash, PowerShell, etc.
- Experience using Docker, Snyk, Bitbucket, GitHub, Kubernetes, Helm, etc.
- Experience with CI/CD tools like Jenkins, GitLab, or CircleCI
- Strong understanding of the Software Development Lifecycle
- Familiarity with cloud service providers such as AWS, Azure, Google Cloud, and their security measures
- Familiar with Compliance Frameworks such as ISO 27001 and SOC2
Q-Free America ensures our employees are happy and healthy. Our dynamic and comprehensive benefits package allows our employees to take care of themselves and their families. Our benefits package includes, but is not limited to, the following: health, vision, dental, 401(k) plan, EAP, and flexible benefits. Additionally, we offer company-paid life, short-term, and long-term disability insurance.
For more information, visit our website at www.q-free.com.
We thank all applicants for their interest; however, we will contact only qualified candidates.
Q-Free proudly celebrates diversity in our employees.
EOE/AA/M/F/Veteran/Disabled Drug-Free Workplace