Senior DevSecOps Engineer - Remote

Overview

As a Senior DevSecOps Engineer, you'll tackle complex security challenges—from securing our cloud infrastructure to optimizing security controls—crafting inventive strategies that drive operational efficiency across our expanding systems. You'll work closely with cross-functional teams to shape and implement security practices that ensure the safety and compliance of our business. If you thrive on ownership, collaboration, and pushing security boundaries in a dynamic environment, this role offers an opportunity to make a significant impact.

In Short

• Securing and optimizing our cloud services, with a primary focus on AWS, to ensure robust security and compliance.
• Following alignment with industry security best practices for DevOps services and tools.
• Supporting and enhancing our monitoring and alerting systems to detect and respond to threats together with our ProdSec team.
• Developing and implementing threat detection strategies to identify and mitigate potential risks.
• Automating the deployment of security controls to ensure consistent and scalable protection.
• Acting as a focal point for security and compliance-related queries and strategies within the DevSecOps team in our DevOps group, driving smarter security decisions that align with business goals.

Requirements

• 3+ years of experience in DevOps with a deep understanding of cloud security and best practices.
• Proven ability to identify common security risks and formulate and execute comprehensive security strategies.
• Experience with market-leading security tools and providers, coupled with scripting and development skills, preferably in Python.
• Extensive knowledge of internet protocols, architectures, and security design principles.
• Hands-on experience with AWS security and encryption services such as IAM Policy, KMS, GuardDuty, CloudTrail, and Identity Center (or equivalent).
• Strong understanding of security projects that address risks, including patching, secure build, vulnerability scanning and remediation, logging and monitoring, threat management, and user awareness.
• Proven ability to gather and maintain evidence for security and compliance.
• Self-motivated with the drive to keep moving things forward.

Benefits

• One or more security-related certifications, such as CISSP, CEH, CISA, CISM, Security+, or similar.
• Experience in triaging security alerts and executing incident response.
• Experience with virtualization technologies, particularly in AWS services such as EKS.
• Strong sense of ownership, urgency, and drive.
• Shift-left mindset - i.e. how we’re an enabler rather than a bottleneck.
• Experience with compliance requirements (e.g., SOC2, ISO27001, HIPAA, PCI, etc.).