Our premise for security engineering is simple, and is backed up by our experience with multiple teams releasing high quality software. Modern software teams often lack quality, experience-driven guidance on how to implement security engineering for their software/product. DevOps organizations, in particular, aim to move towards a ma- ture DevSecOps model. However, within the software industry there is not a clear definition of what DevOps and DevSecOps even mean. Rather than attempt to define what DevSecOps is and why it is important, this white paper will outline key security engineering practices we use successfully with our customers, many of which follow a DevOps/DevSecOps model for managing their infrastructure and releasing their products.