Role Summary
The Dev/Ops AppSec & Security Engineer is a hybrid role supporting both the Application Support
Team and the Security Team. This position is responsible for embedding security best practices into
the application lifecycle, while also serving as a core resource for organizational security initiatives.
The engineer collaborates closely with the Virtual Information Security Manager (vISM) and other
security stakeholders to drive vulnerability management, penetration test remediation, and
comprehensive security assessments. This role ensures that solutions are robust, compliant, and
resilient against threats, and that security objectives are met across both application and
infrastructure domains.
Core Responsibilities
Application Security
• Guide developers and engineers on secure coding standards and practices.
• Perform code reviews and static/dynamic analysis to identify vulnerabilities.
• Integrate security tools into CI/CD pipelines for automated scanning and compliance.
• Design and implement authentication, authorization, and encryption for APIs and
applications.
• Assess and remediate risks in REST/SOAP integrations, data pipelines, and custom
applications.
Security Engineering (Security Team Support)
• Collaborate with the vISM and Security Team to manage vulnerability identification, tracking,
and remediation across applications and infrastructure.
• Coordinate and support penetration testing activities, including scoping, execution, and
remediation of findings.
• Conduct security assessments for new and existing systems, documenting risks and
recommending mitigation strategies.
• Develop and maintain threat models for applications and infrastructure.
• Respond to security incidents, perform root-cause analysis, and document lessons learned.
• Support compliance initiatives (e.g., GDPR, HIPAA, PCI-DSS) and assist with audit preparation
and evidence collection.Security Automation & Monitoring
• Build and maintain security automation scripts and workflows (e.g., for vulnerability scanning,
alerting, and compliance checks).
• Integrate security monitoring into Azure Pipelines, Data Factory, and related services.
• Maintain comprehensive security documentation, diagrams, and operational procedures.
Cross-Team Collaboration
• Work with Business Analysts to translate security requirements into actionable specifications.
• Educate stakeholders on security risks, trade-offs, and mitigation strategies.
• Participate in client meetings to address security concerns and present solutions.
Required Skills & Experience
• Proficiency in secure coding, application security frameworks (OWASP, NIST), and
vulnerability management.
• Experience with security tools (SAST, DAST, dependency scanning, SIEM).
• Strong understanding of authentication, authorization, and encryption protocols.
• Familiarity with CI/CD pipelines, Azure DevOps, and security automation.
• Experience with penetration testing methodologies and remediation processes.
• Ability to investigate, respond to, and remediate security incidents.
• Skill in root-cause analysis and forensic investigation.
• Ability to explain technical security concepts to non-technical stakeholders.
• Experience working with cross-functional teams (engineering, business analysis, operations,
security).
Preferred Experience
• Experience with cloud security (Azure preferred), API security, and data protection.
• Background in software development or DevOps environments.
• Familiarity with regulatory compliance frameworks and client-facing security reviews.
• Experience in consulting or Managed Service Provider (MSP) environments.
How This Role Complements the Team:
• Ensures solutions designed by the Business Analyst and built by the Dev/Ops Engineer are
secure, compliant, and resilient.• Bridges technical and business requirements, proactively addressing risks and enabling
secure innovation.
• Strengthens the organization’s overall security posture by supporting vulnerability
management, pentest remediation, and security assessments in partnership with the vISM
and Security Team.
Why GXA?GXA is a fast growing, exciting Managed Service Provider and IT Company serving clients in the DFW Metroplex. We have a high client retention and exceptional satisfaction rate because we provide a very unique approach to IT service delivery. Our reputation of being a trusted business technology partner is one we’ve worked hard to maintain and keeping our clients at the forefront of their industries is something we take very seriously. You will be proud to represent us and be part of such a unique team.We are always looking to hire the most talented team members and work even harder to keep them. We offer a competitive compensation package, benefits and an awesome company culture. If you are a top performer looking to join a team where you will be challenged to grow, thrive and positively contribute, send us your resume.Our MissionWe really have just one mission at GXA and that is to serve. Using our technology industry knowledge and capabilities, we help our clients build a stronger business and we get on opporunity to build stronger communities. We make sure that their businesses perform at the highest level possible.Using the profits from the success of working with our clients, we serve by giving back to help build a better world. We are driven by a higher purpose. Philanthropy is at the heart of our business and the passion to make the world a better place. Our company is involved in several humanitarian missions and outreaches.We achieve this by working as a team, have a lot of fun doing it and growing.
Please mention you found this job on AI Jobs. It helps us get more startups to hire on our site. Thanks and good luck!
Understand the required skills and qualifications, anticipate the questions you may be asked, and study well-prepared answers using our sample responses.
Security Engineer Q&A's