DevSecOps Engineer

About Hazeltree Fund Services Inc.

Hazeltree is a global leader in cloud-based treasury solutions, empowering investment firms with cutting-edge technology to optimize financial performance, enhance liquidity, and mitigate risk. As part of our commitment to security and innovation, we are expanding ourInformation Security Teamand seeking aDevSecOps Engineerto drive security automation and best practices across our cloud infrastructure and IT operations.

Job Overview

As aDevSecOps Engineer, you will play a pivotal role in integrating security practices into ourDevOps pipeline and IT operations. Working at the intersection ofoperations, security, and development, you will collaborate closely with internal teams tosafeguard critical business operationsby design and default. You will be responsible for security automation,CI/CD pipeline enhancements, andcloud security management, ensuring compliance with industry standards.

Key Responsibilities

Security & DevOps Integration:

• Support and extend thesecured CI/CD pipelineto enhance development security.
• Work with development teams to optimize infrastructure security.

Cloud & Infrastructure Security:

• Maintain and secureAWS cloud infrastructurefor clients and internal operations.
• AutomateAWS infrastructure buildsfollowingCIS hardening standards.
• Ensure top-tiersecurity configuration, access management, and incident responseon cloud platforms.

Operational Support & Incident Response:

• Support business-criticalWindows and Linux-basedenvironments.
• Monitor and respond tosecurity alertsacross Infosec, servers, firewalls, and applications.
• Conductcontinuous monitoringof internal and third-party information security controls.

Threat & Vulnerability Management:

• AssessSAST (Static Application Security Testing)andDAST (Dynamic Application Security Testing)scans.
• Implementremediation and mitigationstrategies in collaboration with development teams.
• Maintainnetwork security protocols, firewalls, and threat management platforms.

Compliance & Risk Management:

• Ensure compliance withISO 27001:2022, SOC1 Type2, and SOC2 Type2standards.
• Provide support for security audits, policy implementation, andKPI/KRI monitoring.

Qualifications & Requirements

Technical Skills:

Cloud & Security Expertise:

• Hands-on experience withAWS (or other cloud-based solutions).
• Strong understanding ofsecured Software Development Lifecycle (SDLC)andCI/CD platforms.
• Familiarity withOWASP, CIS frameworks, and security best practices.

Infrastructure & Scripting Knowledge:

• Proficiency inMicrosoft platforms(Office 365, IIS, .NET, SQL Server, Windows Server, Active Directory).
• Strong scripting skills inPowerShell(highly beneficial).
• Experience withCloud-based security tools(email security gateways, IAM, endpoint security, threat management).

DevOps & IT Service Management (ITSM):

• Experience withJira (Atlassian automation), ServiceNow, or other ITSM platforms.
• Understanding ofincident management processesand security KPIs.

Networking & Compliance:

• Strong knowledge ofnetwork security protocols, vulnerability management, and firewalls.
• Proven experience insecurity compliance frameworks and industry regulations.

Soft Skills:

• Analytical & Problem-Solving:Ability to analyze security risks and develop practical solutions.
• Communication:Ability to explain complex security topics to both technical and non-technical stakeholders.
• Collaboration:Experience working incross-functional teamswith a proactive, team-first mindset.
• Adaptability & Resilience:Ability to stay composed and think strategically in high-pressure situations.
• Ethical Integrity:Strong sense of responsibility fordata confidentiality and compliancewith privacy regulations.

Education & Certifications:

• Bachelor’s degree in Computer Engineering, Cybersecurity, or a related field.
• 3+ years of experiencein aDevOps or DevSecOps role.
• Bonus Certifications (Preferred, not required):
• AWS CertifiedDevOps Engineer
• AWSSolutions Architect
• AWSSysOps Administrator
• CertifiedDevSecOpsor other security-related certifications

What We Offer

• Competitive salaryand performance-based incentives.
• Comprehensive benefits package, including health, dental, and vision insurance.
• Retirement savings planwith employer contributions.
• Opportunities forprofessional growth, training, and certifications.
• Adynamic and collaborative work environmentat the forefront of cloud security and treasury technology.

Candidates must have the legal right to work without the need for sponsorship, now or in the future.