DevSecOps Engineer

TrueML is a mission-driven financial software company that aims to create better customer experiences for distressed borrowers. Consumers today want personal, digital-first experiences that align with their lifestyles, especially when it comes to managing finances. TrueML’s approach uses machine learning to engage each customer digitally and adjust strategies in real time in response to their interactions. 

The TrueML team includes inspired data scientists, financial services industry experts and customer experience fanatics building technology to serve people in a way that recognizes their unique needs and preferences as human beings and endeavoring toward ensuring nobody gets locked out of the financial system.

We are seeking a Sr. Security Engineer to lead the integration of security across the software

development lifecycle (SDLC). This role sits at the intersection of engineering, cloud infrastructure, and

application security, driving automation, scalability, and secure-by-default development practices.

You will design and implement security-first CI/CD pipelines, embed automated security testing, and

partner with engineering teams to ensure applications are built, deployed, and operated securely—at

scale

Security Automation & CI/CD Integration (Core Focus)

• Embed security controls and scanners (SAST, SCA, DAST, IaC, Container Security) into CI/CD

pipelines

(GitHub Actions, Jenkins, GitLab CI, Azure DevOps)

• Design and maintain automated security workflows across build, test, and deploy stages

• Implement security gates, policy enforcement, and compliance checks within pipelines

• Secure cloud-native architectures across AWS (IAM, VPC, ECS/EKS, Lambda, S3, API Gateway)

• Integrate and operationalize CNAPP/CSPM tools (e.g., Wiz, Prisma Cloud)

• Enforce least privilege access, secrets management, and runtime protections

• Deep expertise in CI/CD pipelines (GitHub Actions, Jenkins)

• Strong hands-on experience with AWS cloud security

• Proficiency in application security tooling and integration

• Experience with container security (Docker, Kubernetes)

• Strong scripting/programming skills (Python, JavaScript)

• Understanding of modern DevSecOps and shift-left security practices

• Excellent collaboration skills across engineering, security, and DevOps teams

This role supports a global, cross-functional business and operates primarily in a Remote-First environment. However, flexibility outside of standard business hours and occasional local or international travel may be necessary for global operations support, company meetings, training, offsites, and collaborative projects.

This position primarily involves computer-based work, requiring extended periods at a computer, participation in virtual meetings, and use of standard office technology. We will consider reasonable accommodations to enable individuals to perform the essential functions of the role.

Maintaining a reliable internet connection and a professional work environment is expected. The ability to protect confidential company, employee, customer, and business information while working outside of a company office is also required.

We collect personal information for employment purposes. We do not sell personal information. Most of the information we have is provided to us by you and/or collected as part of the employment process. For more details on how we use, share, and delete personal information see our Privacy Policy.

We are  an equal opportunity employer. We promote, value, and thrive with a diverse and inclusive team. Different perspectives contribute to better solutions and this makes us stronger every day. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or other protected characteristics.