Dev/Sec Ops Engineer

The Friedkin Group, Houston, TX

About The Position

We’re seeking a DevSecOps Engineer to own the secure delivery pipeline and platform foundations across cloud environments. You’ll design and automate IAM, infrastructure as code (Terraform), CI/CD (GitHub Actions), and Kubernetes operations, embedding security controls by default and enabling development teams to ship quickly and safely.

Requirements

  • 8+ years in DevOps/Platform/SRE with a security-first mindset.
  • Strong IAM design (cloud + Kubernetes RBAC), OIDC/OAuth2, SSO/IdP (e.g., Okta/Azure Entra).
  • Production Terraform experience (workspaces, modules, remote state, CI-driven plans/applies).
  • Hands-on GitHub Actions (self-hosted runners, OIDC to cloud, environments/protections, matrix builds).
  • Operating Kubernetes in production (Helm, networking, ingress, autoscaling, upgrades, backups/DR).
  • Practical use of security scanners (e.g., Wiz, Trivy/Grype, Dependabot, Checkov/tfsec), and policy-as-code.
  • Proficient with one or more clouds (AWS), Linux, containers, and networking fundamentals.
  • Strong scripting in Python or Bash; infrastructure troubleshooting and debugging skills.
  • Clear communication, ownership, and ability to drive cross-team initiatives.

Nice To Haves

  • HashiCorp Vault, keeper/Kyverno, service mesh (Istio/Linkerd), or CNI like Cilium.
  • GitOps at scale (Argo CD multi-app/multi-cluster), progressive delivery (Argo Rollouts/Flagger).
  • Experience with SIEM, detections, or security data pipelines.
  • Knowledge of data protection (PII), tokenization, and regional compliance.
  • Background in financial/insurance/auto domains (regulated environments).

Responsibilities

  • Design and implement least-privilege IAM (users, roles, policies, SSO/OIDC) across cloud and Kubernetes (RBAC, service accounts, Pod Security Standards).
  • Build/maintain Terraform modules and environments (prod/non-prod), enforce drift detection, and apply policy-as-code (OPA/Conftest, Sentinel, Checkov/tfsec).
  • Own GitHub Actions pipelines (build/test/scan/sign/release), reusable workflows, environment protections, required reviews, and deployment gates.
  • Operate Kubernetes clusters (EKS/AKS/GKE or on-prem): cluster lifecycle, Helm/Kustomize, GitOps (Argo CD/Flux), NetworkPolicies, ingress, secrets.
  • Embed software supply chain security: SCA/SAST/DAST, container/IaC scanning, SBOM generation, image signing (Cosign), provenance (SLSA).
  • Implement secret management (Vault/Secrets Manager/KMS), key rotation, and secure parameter stores.
  • Stand up observability: metrics, logs, traces (Prometheus/Grafana/ELK/Cloud-native), and actionable alerts.
  • Automate incident response runbooks; support on-call for platform/security events.
  • Partner with AppSec and product teams on threat modeling, secure design reviews, and remediation.
  • Contribute to compliance initiatives (SOC 2/ISO 27001) with evidence automation and configuration baselines.
  • Drive cost, reliability, and capacity guardrails; champion platform DX and documentation.