DevSecOps Engineer III

About The Position

Requirements

• 5–8+ years of experience in DevSecOps, SRE, or Cloud Security Engineering roles operating in production-critical environments
• Deep hands-on expertise with leading cloud providers (IAM, networking, security services, automation, zero-trust / least privilege, cost awareness)
• Practical experience operating and securing Kubernetes — including IaC-driven provisioning, policy enforcement, and observability
• Strong command of SCM administration — including RBAC, repo automation, organization policy enforcement, and secure SDLC controls
• Proficiency with Infrastructure as Code (Terraform, CDK, or equivalent) and configuration automation (e.g., Helm, ArgoCD, Crossplane, etc. a plus)
• Familiarity with ITSM-aligned engineering operations — enabling traceability, incident management, and operational readiness at scale
• Excellent communicator and proactive collaborator — able to influence cross-functional teams and advocate for secure-by-design principles

Nice To Haves

• Advanced understanding of cloud security, identity, secrets management, and automated governance — ideally aligned to frameworks like CSF 2.0, ISO, or SOC2
• Previous experience in fintech, blockchain, digital assets, or other highly regulated / high-trust environments
• Demonstrated experience owning and maturing CI/CD pipelines, with strong emphasis on supply-chain integrity, infrastructure automation, and SSDF-aligned delivery
• Strong self-starter with strong analytical and problem-solving skills

Responsibilities

• Lead the hardening and modernization of our GitHub ecosystem — consolidating organizations, implementing guardrails and RBAC best practices, and establishing policy-as-code governance at scale.
• Assess and evolve the current CI/CD posture — modernizing pipelines, evaluating tooling, and driving toward fully automated secure delivery workflows.
• Implement Secure Software Development Framework (SSDF) practices to embed “secure-by-design” principles throughout the SDLC — ensuring supply chain integrity from commit to production.
• Act as an SRE for new application infrastructure — building out observability, proactive reliability patterns, performance scaling strategy, and operational readiness.
• Design, manage, and automate cloud infrastructure (including container and container orchestration where applicable) through infrastructure-as-code — aligned to NIST CSF 2.0, least-privilege, and zero-trust security models.
• Develop and integrate ITSM operational workflows — introducing automation and process maturity where needed to align engineering velocity with auditable controls and resilience.
• Promote a culture of security across the organization.
• Be able to wear many hats, performing critically required duties as necessary, especially as the team is being developed.
• Occasional travel to other offices, customers, and vendor offices.

Benefits

• Medical, Dental, and Vision insurance
• 401(k)
• Disability insurance