DevOps Engineer – Security Assurance (SCA & SAST Focus)
Technology, Data & Digital · IT Infrastructure & Security · DevOps · Cybersecurity
Smart Summary
AI-generated overview of this position
Company:
Qualcomm Intl Inc., Mexico Branch Office
Job Area:
Information Technology Group, Information Technology Group > IT Engineering
General Summary:
Role Summary
We are seeking an experienced DevOps Engineer – Security Assurance to support, build, and operate secure, scalable CI/CD platforms with deep integration of Application Security (DevSecOps) practices. This role is responsible for embedding Static Application Security Testing (SAST) and Software Composition Analysis (SCA) tools into enterprise CI/CD workflows, ensuring vulnerabilities are detected early and remediated efficiently across cloud and on‑prem environments.
The ideal candidate brings strong hands-on experience with cloud platforms (AWS), GitHub-based CI/CD, and Linux systems, coupled with proven expertise integrating and scaling security tools within developer workflows.
Key Responsibilities
DevSecOps & Security Assurance
Integrate, operate, and scale SAST and SCA tools within CI/CD pipelines to enable automated vulnerability detection and compliance.
Embed shift-left security practices across build, test, and deployment pipelines.
Partner with Security, Compliance, and Engineering teams to define and enforce application security standards.
Automate policy enforcement, vulnerability thresholds, and security gating within CI pipelines.
Analyze and triage security findings, reducing false positives and improving developer adoption.
Support audit, compliance, and security reviews by providing evidence from CI/CD security controls.
Support on-prem server infrastructure of Security Assurance Tools and workflows.
Integrate CI/CD pipelines with source code management systems such as GitHub, Perforce (P4), and related tools.
Troubleshoot complex pipeline, build, infrastructure, and security issues across hybrid cloud and on‑prem environments.
Create and maintain clear documentation, runbooks, and architectural designs.
Required Qualifications
Proven experience integrating SAST and SCA tools into CI/CD pipelines.
Strong experience building cloud-based CI/CD pipelines, especially using GitHub and GitHub Actions.
Strong understanding of Security Assurance tools like Klocwork, Sonarqube, Linux systems (Debian-based preferred) and CI/CD workflows.
Solid knowledge of application security concepts, including:
Open-source dependency risk
Secure coding practices
Vulnerability management and remediation workflows
Experience supporting large-scale CI or build platforms used by multiple teams.
Strong scripting and automation skills (Bash, Python, or similar).
Excellent communication skills with the ability to work effectively across engineering, IT, and security teams.
Preferred / Nice-to-Have Skills
Experience with common SAST tools (e.g., Klocwork, CodeQL, SonarQube).
Experience with SCA tools (e.g., Black Duck, Snyk, WhiteSource/Mend, OSS Review Toolkit).
Familiarity with hybrid cloud and on‑prem architectures.
Experience with artifact repositories, package management, or build caching strategies.
Exposure to container-based CI workloads (Docker, ephemeral runners).
Understanding of security compliance frameworks and audit requirements.
Experience improving developer security adoption through automation and usability improvements.
Minimum Qualifications:
• 3+ years of IT-related work experience with a Bachelor's degree.
OR
5+ years of IT-related work experience without a Bachelor’s degree.
Applicants: Qualcomm is an equal opportunity employer. If you are an individual with a disability and need an accommodation during the application/hiring process, rest assured that Qualcomm is committed to providing an accessible process. You may e-mail [email protected] or call Qualcomm's toll-free number found here. Upon request, Qualcomm will provide reasonable accommodations to support individuals with disabilities to be able participate in the hiring process. Qualcomm is also committed to making our workplace accessible for individuals with disabilities. (Keep in mind that this email address is used to provide reasonable accommodations for individuals with disabilities. We will not respond here to requests for updates on applications or resume inquiries).
Qualcomm expects its employees to abide by all applicable policies and procedures, including but not limited to security and other requirements regarding protection of Company confidential information and other confidential and/or proprietary information, to the extent those requirements are permissible under applicable law.
To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Qualcomm. Staffing and recruiting agencies and individuals being represented by an agency are not authorized to use this site or to submit profiles, applications or resumes, and any such submissions will be considered unsolicited. Qualcomm does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to our jobs alias, Qualcomm employees or any other company location. Qualcomm is not responsible for any fees related to unsolicited resumes/applications.
If you would like more information about this role, please contact Qualcomm Careers.