Skills

Required

5+ years of experience in Security Engineering, Application Security, Security Operations, or DevSecOps roles
Experience working with cloud platforms such as AWS, Azure, or GCP
Experience with Docker, Kubernetes, and cloud-native technologies
Strong understanding of secure software development lifecycle (SSDLC)
Deep knowledge of Secure Coding Practices, OWASP Top 10, OWASP API Security Top 10, Threat Modeling, Vulnerability Management
Hands-on experience with SAST, DAST, SCA, Container Security, Secrets Management
Experience automating workflows using Python, Golang, Bash, TypeScript, or equivalent languages
Familiarity with CI/CD pipelines and Git-based development workflows
Experience designing security architectures that address complex threat models and compliance requirements
Strong REST and GraphQL API experience, including authentication, authorization, and API security best practices
Excellent communication and stakeholder management skills

Nice to have

Experience with AI/ML platforms such as MLflow, Kubeflow, SageMaker, Vertex AI, or Databricks
Experience securing Generative AI, LLM applications, AI agents, and RAG architectures
Knowledge of MITRE ATLAS
NIST AI Risk Management Framework
Responsible AI principles
Experience with Kubernetes security and cloud-native security platforms.
Familiarity with SOC2, ISO 27001, NIST, HIPAA, or GDPR compliance frameworks
Security certifications such as CISSP, CCSP, CSSLP, CKS, or AWS Security Specialty
Python, TypeScript, Terraform, Kubernetes, Docker, GitHub Actions, GitLab CI, Jenkins, AWS / Azure / GCP, Snyk, SonarQube, Open Telemetry, Prometheus, Grafana, ELK/OpenSearch, Comet Opik

What the JD emphasized

AI/ML platforms

model training pipelines

inference services

AI applications

Generative AI

LLM

RAG

agent-based systems

responsible AI

GPU workloads

Kubernetes

DevSecOps

CI/CD pipelines

cloud-native architectures

AWS, Azure, GCP

Terraform

OWASP

Vulnerability Management

Observability

OpenTelemetry

Prometheus

Grafana

ELK/OpenSearch

Job Requisition ID #

26WD98448

Position Overview

We are looking for a DevSecOps Engineer to help build, secure, and scale our AI/ML platforms and services. In this role, you will partner with AI/ML Engineers, Data Scientists, Platform Engineers, and Security teams to integrate security throughout the software and machine learning development lifecycle.

You will be responsible for designing secure cloud-native architectures, automating security controls, implementing DevSecOps practices, and enabling secure AI innovation at scale.

Responsibilities

AI/ML Platform Security
Design and implement security controls across AI/ML platforms, model training pipelines, inference services, and AI applications
Enable secure deployment and operation of Generative AI, LLM, RAG, and agent-based systems
Support model governance, AI risk management, and responsible AI initiatives
Secure AI infrastructure including GPU workloads, Kubernetes clusters, and distributed training environments
DevSecOps & Security Automation
Drive shift-left security practices across engineering teams
Integrate SAST, DAST, SCA, container security scanning, and secrets detection into CI/CD pipelines
Develop automated security controls and policy enforcement mechanisms.
Build security tooling and automation using Python, Golang, TypeScript, or similar technologies
Improve software supply chain security through dependency management and artifact validation
Cloud & Infrastructure Security
Build and maintain Infrastructure as Code (IaC) using Terraform, CloudFormation, and related tools
Secure AWS, Azure, and GCP environments
Implement identity and access management (IAM), secrets management, and Zero Trust principles
Conduct cloud security architecture reviews and risk assessments.
Application Security
Perform threat modeling and security design reviews
Establish secure coding standards and security best practices
Secure REST and GraphQL APIs, authentication services, and microservices architectures
Ensure alignment with OWASP Top 10 and OWASP API Security standards.
Vulnerability Management
Manage vulnerability identification, triage, prioritization, and remediation processes
Assess findings from tools such as Black Duck, Snyk, Trivy, SonarQube, and Checkov
Partner with engineering teams to resolve security issues effectively
Define security metrics and reporting mechanisms
Monitoring & Operations
Implement observability and security monitoring solutions using OpenTelemetry, Prometheus, Grafana, ELK/OpenSearch, and cloud-native tools
Support incident response, forensic investigations, and root cause analysis.
Develop security dashboards and operational reporting

Minimum Qualifications

5+ years of experience in Security Engineering, Application Security, Security Operations, or DevSecOps roles
Experience working with cloud platforms such as AWS, Azure, or GCP
Experience with Docker, Kubernetes, and cloud-native technologies
Strong understanding of secure software development lifecycle (SSDLC)
Deep knowledge of Secure Coding Practices, OWASP Top 10, OWASP API Security Top 10, Threat Modeling, Vulnerability Management
Hands-on experience with SAST, DAST, SCA, Container Security, Secrets Management
Experience automating workflows using Python, Golang, Bash, TypeScript, or equivalent languages
Familiarity with CI/CD pipelines and Git-based development workflows
Experience designing security architectures that address complex threat models and compliance requirements
Strong REST and GraphQL API experience, including authentication, authorization, and API security best practices
Excellent communication and stakeholder management skills

Preferred Qualifications

Experience with AI/ML platforms such as MLflow, Kubeflow, SageMaker, Vertex AI, or Databricks
Experience securing Generative AI, LLM applications, AI agents, and RAG architectures
Knowledge of MITRE ATLAS
NIST AI Risk Management Framework
Responsible AI principles
Experience with Kubernetes security and cloud-native security platforms.
Familiarity with SOC2, ISO 27001, NIST, HIPAA, or GDPR compliance frameworks
Security certifications such as CISSP, CCSP, CSSLP, CKS, or AWS Security Specialty
Preferred Skills Python, TypeScript, Terraform, Kubernetes, Docker, GitHub Actions, GitLab CI, Jenkins, AWS / Azure / GCP, Snyk, SonarQube, Open Telemetry, Prometheus, Grafana, ELK/OpenSearch, Comet Opik

#LI-SJ1

Learn More

About Autodesk

Welcome to Autodesk! Amazing things are created every day with our software – from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made.

We take great pride in our culture here at Autodesk – it’s at the core of everything we do. Our culture guides the way we work and treat each other, informs how we connect with customers and partners, and defines how we show up in the world.

When you’re an Autodesker, you can do meaningful work that helps build a better world designed and made for all. Ready to shape the world and your future? Join us!

Salary transparency

Salary is one part of Autodesk’s competitive compensation package. Offers are based on the candidate’s experience and geographic location. In addition to base salaries, our compensation package may include annual cash bonuses, commissions for sales roles, stock grants, and a comprehensive benefits package.

Diversity & Belonging We take pride in cultivating a culture of belonging where everyone can thrive. Learn more here: https://www.autodesk.com/company/diversity-and-belonging

**Are you an existing contractor or consultant with Autodesk? **

Please search for open jobs and apply internally (not on this external site).