Information Security Analyst - DevSecOps

Role Purpose

We’re hiring an Information Security Analyst who lives at the intersection of DevSecOps, Application Security, and Compliance‑as‑Code. You’ll embed security into our software delivery pipelines, harden cloud workloads, operationalize policy as code, and produce auditor‑ready evidence by design—not as an afterthought. Expect to partner closely with platform engineering, SRE, QA, and managed cloud providers in a shared‑responsibility model.

Why This Role Matters

Neology’s global operations demand a proactive security posture. By embedding DevSecOps best practices into every layer of technology and process this role is vital to protecting sensitive data, reducing operational risk, supporting business agility and innovation, and meeting compliance requirements. As cyber threats evolve this role gets to adapt the implementation of Zero Trust principles and advanced automation of compliance checks and assurance for long term security and efficiency.

Key Responsibilities

• DevSecOps & Platform Guardrails
  
  
  
  • Design and maintain CI/CD guardrails for SAST/SCA/DAST, container image scanning, and IaC checks; integrate findings into issue trackers with SLAs.
  
  
  • Enforce secure SDLC entry/exit criteria; drive PR checks (e.g., SonarQube quality gates, license policies) and verify SBOM generation & signing.
  
  
  • Partner with SRE/platform teams to set Kubernetes/EKS admission and network policies; validate egress controls and secrets hygiene.
  
  


• Application Security
  
  
  
  • Lead threat modeling for new services; define secure coding patterns and developer enablement (OWASP‑aligned training and playbooks).
  
  
  • Coordinate third‑party and internal penetration tests; track remediation to closure with measurable risk reduction.
  
  


• Compliance-as-Code & Evidence Automation
  
  
  
  • Translate NIST/ISO/SOC requirements into machine‑enforceable policies (e.g., AWS Config Conformance Packs, OPA policies) and automate evidence capture.
  
  
  • Maintain continuous compliance dashboards; deliver auditor‑ready evidence for periodic reporting and assessments.
  
  
  • Tune GuardDuty/Security Hub detections and triage flows.
  
  

Required Qualifications

• 3–5+ years in Information Security with a focus on DevSecOps/AppSec and cloud security (AWS preferred) and integrating automated security checks within pipelines.


• Hands‑on with: Git‑based CI/CD (GitHub Actions/GitLab/Bitbucket), IaC (Terraform/CloudFormation), container security (EKS/ECR), and policy‑as‑code (OPA/Rego, Conftest; Sentinel/Checkov).


• Demonstrated experience aligning SDLC and cloud controls to NIST 800‑53/800‑207 (Zero Trust), ISO 27001, and SOC 2.


• Strong ability to convert framework control statements into automated checks and durable evidence.


• Strong communication and collaboration skills to work across development, security, and operations teams.


• Ability to promote a security-first culture and provide training to developers.

Preferred Skills

• Ability to conduct risk assessments, penetration testing, and manage vulnerability remediation.


• Incident response skills.


• Experience with AI-driven security analytics for anomaly detection.


• Certifications: Azure (Identity & Access Admin), AWS Security Specialty, SSCP/Security+, CISSP, or similar.


• Exposure to regulated environments and customer audits; ability to “speak auditor” while staying developer‑friendly.

Location

This position is fully remote unless located in the San Diego area. Then occasional trips to the Corporate Office in Carlsbad may be requested (training, meetings, etc.). Applicants must be located in one of the following states: AL, CA, CO, FL, GA, KS, KY, MD, MI, MN, MO, NC, NJ, NV, NY, OH, OK, OR, SC, TX, VA, WA .

Compensation

We offer a base pay of $90,000 - $120,000, plus incentive compensation and benefits. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies and work location. We also offer health plans, including flexible spending accounts, a 401(k) Plan with company match, and PTO. 

Sponsorship

This is a full-time, permanent position. US Citizens and those who are authorized to work independently in the United States are encouraged to apply. This includes GC-EAD, H4-EAD, and L1-EAD. We are unable to sponsor at this time. No OPT-EAD, H-1B, or TN candidates please.

About Neology

Neology, Inc. is a global technology company headquartered in Carlsbad, California, with manufacturing and operations facilities in North America, Latin America, Europe, and Asia Pacific. We’re partnering with our customers to [re]imagine mobility by combining Artificial Intelligence with state-of-the-art tolling, automated vehicle identification and classification, data processing, and digital payment systems – all delivered with superior service. It’s our mission to help communities around the world enhance mobility, increase sustainability, improve safety, and generate increased revenue.