At HUB International, we are a team of entrepreneurs. We believe in empowering our clients, and we do so by protecting businesses and individuals in our local communities. We help businesses evaluate their risks and develop solutions tailored to their needs. We believe in empowering our employees. As a global firm, we offer employees resources in both technology and industry expertise, but we still maintain the local flavor of our offices. Our structure enables our teams to maintain their own unique, regional culture while leveraging support and resources from our corporate centers of excellence.
HUB is the 5th largest global insurance and employee benefits broker, providing a boundaryless array of property, casualty, risk management, life and health, employee benefits, investment and wealth management products and services. With over 17,000 employees in more than 550 offices throughout North America, HUB has grown substantially, in part due to our industry leading success in mergers and acquisitions.
As a Security Architecture Engineer with a focus on DevSecOps, you will play a critical role in ensuring that security is embedded throughout the software development lifecycle (SDLC) and in continuous integration/continuous deployment (CI/CD) pipelines. You will be responsible for designing, building, and maintaining security controls that ensure application, infrastructure, and cloud security across both on-premises and cloud environments.
In this role, you will collaborate with Security Architects, development, operations, and security teams to automate security processes and implement security as code. You will be expected to bring expertise in both DevOps practices and security principles to ensure rapid yet secure software delivery. This position requires strong technical skills and the ability to work in a fast-paced, collaborative environment.
Key Responsibilities
1. Security Integration in DevOps Pipelines
- Design and implement security solutions that integrate seamlessly with DevOps workflows and CI/CD pipelines.
- Automate security testing (SAST, DAST, IAST) and integrate with existing CI/CD tools like Jenkins, GitLab CI, Azure DevOps, or CircleCI.
- Develop and enforce security-as-code principles, ensuring that security policies and compliance controls are applied programmatically during application deployment.
- Collaborate with development teams to embed security into containerization and orchestration platforms like Docker and Kubernetes.
2. Secure Architecture Design & Reviews
- Review and advise on secure architectural patterns for applications, microservices, APIs, and cloud infrastructure.
- Perform threat modeling, risk assessments, and security reviews of applications and infrastructure to identify and mitigate security risks early in the development process.
- Ensure that the design and deployment of applications align with security best practices such as zero trust architecture, least privilege access, and data encryption.
3. Automation & Security Tooling
- Implement and maintain security automation tools to monitor and enforce security policies across the development lifecycle.
- Desired experience with tools such as Terraform, Ansible, or Puppet used to automate infrastructure provisioning with security baked in.
- Desired experience with tools used to manage and enhance security testing for code analysis, container security, and open-source vulnerabilities (e.g., Aqua, Twistlock, Trivy, Boost).
4. Vulnerability Management & Incident Response
- Work with development and operations teams to fix vulnerabilities identified during automated scans or manual reviews.
- Ensure continuous monitoring of cloud and application environments through security information and event management (SIEM) and cloud security monitoring tools.
- Establish security incident response workflows within DevOps processes to ensure rapid detection and remediation of security incidents.
5. Collaboration & Security Culture
- Serve as a liaison between development, operations, and security teams in a decentralized, regionally dispersed organization to drive the adoption of DevSecOps practices.
- Conduct training and knowledge-sharing sessions to educate developers and operations staff on secure coding practices, security testing, and DevSecOps principles.
- Work closely with compliance and governance teams to ensure that regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS) are met within the DevOps environment.
6. Continuous Improvement
- Continuously assess and improve security processes and tools to keep pace with evolving threats and industry best practices.
- Stay current with the latest developments in DevOps, cloud security, and security automation technologies.
- Ensure that feedback loops are established to learn from past incidents and improve security in future iterations of software development.
Technical Requirements
1. Hands-On DevSecOps Experience
- Strong experience with DevOps tools and platforms (e.g., Jenkins, GitLab, Travis CI, Azure DevOps, CircleCI).
- Hands-on experience automating security tests (e.g., SAST, DAST, IAST) and integrating security tools into CI/CD pipelines.
- Desired exposure to container security tools (e.g., SentinelOne, Aqua Security, Twistlock, Sysdig).
- Desired experience with cloud infrastructure security for AWS, Azure, or Google Cloud, including the use of cloud security tools (e.g., AWS GuardDuty, Azure Security Center, GCP Security Command Center).
2. Programming & Scripting Skills
- Proficiency in at least one programming language (e.g., Python, Go, Java, Node.js) and scripting languages like Bash or PowerShell.
- Experience with infrastructure-as-code (IaC) tools such as Terraform, Ansible, Puppet, or Chef to automate security configurations.
- Familiarity with building and securing containerized environments, particularly with Docker and Kubernetes.
3. Cloud Security Expertise
- Knowledge of securing microservices architectures, API gateways, and distributed systems.
- Desired experience securing cloud-native services, containers, and serverless architectures.
- Desired experience in implementing identity and access management (IAM) policies, data encryption, network segmentation, and logging/monitoring in cloud environments.
4. Security Certifications (Preferred)
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional (CCSP)
- AWS Certified DevOps Engineer – Professional
- Certified Kubernetes Security Specialist (CKS)
- Certified Ethical Hacker (CEH)
Skills & Experience
- Bachelor’s Degree in Information Security, Computer Science, or related field (or equivalent work experience).
- 5+ years of experience in security engineering or DevSecOps.
- Strong understanding of security frameworks such as NIST, CIS, and OWASP Top 10.
- Experience in cloud security, including public cloud (AWS, Azure, GCP) and cloud-native applications.
- Demonstrated ability to work with development and operations teams to implement security controls in a DevOps environment.
Teamwork & Collaboration Expectations
- Collaborate with development, DevOps, and security teams to align on security requirements and practices within the SDLC.
- Work cross-functionally to identify security risks and enforce secure coding, cloud, and infrastructure practices.
- Provide technical leadership and mentor junior team members on DevSecOps practices and automation.
Ability to Work Independently
- Demonstrate the ability to work autonomously in developing and implementing security architectures for cloud and DevOps environments.
- Manage multiple projects independently, prioritizing tasks based on risk and business needs.
- Lead the identification and remediation of security issues within applications and infrastructure without requiring constant oversight.
Training & Development
Ongoing Training:
- Participate in continuous learning and training in cloud security, DevSecOps, and security automation technologies.
- Pursue professional training and/or certifications in areas such as cloud security and security automation (e.g., AWS Certified DevOps, CKS, CCSP).
Internal Training:
- Conduct internal training sessions to upskill developers and DevOps teams on secure coding and security automation.
- Participate in company-led cybersecurity training and awareness programs to stay aligned with organizational goals and strategies.
Although hybrid work from a local HUB office is desirable, we are open to remote candidates.
Do you believe in the power of innovation, collaboration, and transformation? Do you thrive in a supportive and client focused work environment? Are you looking for an opportunity to help build and drive change in a rapidly growing and evolving organization? When you join HUB, you will be part of a community of learners and doers focused on helping our leaders maximize the potential of their employees.
Disclosure required under applicable municipal regulations in NY and NJ, as well as the law in Colorado: The expected salary range for this position is $125,000 to $140,000 and will be impacted by factors such as the successful candidate’s skills, experience and working location, as well as the specific position’s business line, scope and level. HUB International is proud to offer comprehensive benefit and total compensation packages which could include health/dental/vision/life/disability insurance, FSA, HSA and 401(k) accounts, paid-time-off benefits, and eligible bonuses, equity and commissions for some positions.
Department: Information Technology
Required Experience: 5-7 years of relevant experience
Required Travel: Negligible
Required Education: Bachelor’s degree (4-year degree)
HUB International Limited is an equal opportunity and affirmative action employer that does not discriminate on the basis of race/ethnicity, national origin, religion, age, color, sex, sexual orientation, gender identity, disability or veteran’s status, or any other characteristic protected by local, state or federal laws, rules or regulations. The EEO is the Law poster and its supplement is available here at http://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm.
We endeavor to make this website accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the US Recruiting Team toll-free at (844) 300-9193 or [email protected]. This contact information is for accommodation requests only; do not use this contact information to inquire about the status of applications.