DevSecOps Engineer

Job Requisition ID #

26WD96805

Position Overview

We are seeking an experienced DevSecOps Engineer to lead security initiatives across our customer data, applications, and infrastructure at Autodesk. In this role, you will serve as a technical leader and subject matter expert, collaborating strategically with multiple security and engineering teams to architect and implement scalable, enterprise-grade security solutions. You will drive the security-first mindset across our organization by designing innovative security controls, mentoring junior team members, and establishing best practices for the broader engineering community. This role requires deep expertise in AWS security, infrastructure automation, and application security, combined with the ability to influence stakeholders at all levels and drive adoption of security-by-design principles.

Responsibilities

• Lead shift-left security initiatives by introducing and implementing advanced security testing frameworks within CI/CD pipelines (SAST, DAST, SCA, container scanning, secrets management), while establishing metrics and best practices for the broader organization
• Develop scripts and automation to support dependency analysis, reporting, and security workflows
• Contribute to documentation, standards, and best practices related to dependency management, open-source usage, and secure software development
• Develop high-quality, maintainable code in Python, Golang, or related languages for security tooling, automation frameworks, and integrations that serve Autodesk security teams and the wider engineering community
• Triage and analyze vulnerability findings from SCA tools (e.g., Black Duck, Dependabot), validate impact, and partner with product teams on remediation strategies
• Partner with cross-functional security teams-including infrastructure, engineering, operations, incident response, and offensive security-to translate security requirements into scalable technical solutions and comprehensive security programs
• Establish security standards and best practices by conducting security architecture reviews, leading design discussions, and providing technical guidance to engineering teams on implementing security controls and threat mitigation strategies
• Evaluate, customize, and integrate commercial and open-source security tools to meet Autodesk's specific requirements, improving tooling capabilities through custom extensions and integrations where needed
• Mentor and develop junior team members, sharing knowledge about DevSecOps best practices, security architecture, and engineering excellence

• 3+ years of experience in security operations, application security, or DevSecOps roles
• Basic scripting or automation experience in a language such as Python, Golang, or equivalent
• Deep knowledge of application security practices including secure coding, OWASP Top 10, API security, threat modelling, and common vulnerability categories (SAST, DAST, SCA)
• Experience automating security or development workflows using Python or similar scripting languages
• Familiarity with vulnerability management processes and remediation prioritization
• Familiarity with CI/CD pipelines and modern development workflows (e.g., Git-based version control)
• Proven ability to design security architectures that address complex threat models and organizational compliance requirements at scale
• Excellent communication and leadership skills with the ability to influence and communicate technical security concepts clearly to diverse audiences (executives, developers, security teams, operations)
• Strong REST and GraphQL API experience, including security implications of API design, authentication, authorization, and API-centric architectures