DevSecOps Engineer

Momnt•Atlanta, GA

14d•Hybrid

About The Position

Momnt is an expanding financial technology company specializing in embedded lending and point-of-need consumer financing based in Sandy Springs, GA. We are transforming how merchants provide financing to their customers with our embedded lending platform. Our platform delivers a seamless digital experience that makes financing simple, fast, and affordable, connecting high-quality lenders with merchants, primarily in the home improvement sector, to empower consumers to pay for the things they need. We’re looking for a hands-on DevSecOps Engineer with deep AWS experience, strong AWS CDK skills, and practical experience securing CI/CD pipelines using GitHub Actions. This person should be comfortable working across AWS infrastructure, Kubernetes, IAM, networking, CI/CD security, Trivy, SAST, DAST, Datadog, automation, monitoring, incident response, and compliance. Our infrastructure is currently managed through AWS CDK, so strong hands-on experience with CDK is required. Terraform experience is also strongly preferred, as Momnt may use Terraform for future infrastructure projects. In a company our size, you won’t just advise from the sidelines. You will be directly involved in building, securing, automating, and improving the systems that support our platform. You’ll own key parts of our infrastructure security posture, cloud environments, CI/CD security, and compliance readiness while working closely with engineering leadership and developers. If you want a role where you can see the direct impact of your work, have genuine autonomy, and help shape the security culture of a regulated fintech from the ground up, this is it.

Requirements

5+ years of combined DevOps, cloud infrastructure, security engineering, DevSecOps, or platform engineering experience.
Deep hands-on AWS experience, including production experience managing AWS infrastructure at scale.
Strong hands-on experience with AWS CDK is required.
Working experience with Terraform is strongly preferred, as Momnt may use Terraform for future infrastructure projects.
Strong understanding of AWS DevOps practices, including CI/CD, IAM, networking, observability, deployment automation, and infrastructure lifecycle management.
Strong experience with GitHub Actions and secure CI/CD pipeline design.
Hands-on experience with Trivy for vulnerability scanning, container image scanning, dependency scanning, or infrastructure scanning.
Practical experience with SAST and DAST tools and how to integrate them into developer workflows.
Familiarity with Datadog for observability, alerting, logging, dashboards, and security investigations.
Strong hands-on scripting experience with Bash and Python for automation, infrastructure operations, security tooling, and CI/CD workflows.
Experience securing containerised workloads using Docker and Kubernetes, preferably EKS.
Experience implementing security gates in CI/CD pipelines without creating unnecessary friction for developers.
Practical knowledge of compliance frameworks such as SOC 2, PCI-DSS, or equivalent.
Experience with vulnerability management, patch management, security monitoring, and incident response.
Ability to independently own security tooling selection, implementation, and day-to-day operations.
Comfort operating independently in an ambiguous, fast-moving startup environment.
Strong communication skills and the ability to work directly with developers, auditors, and leadership.

Responsibilities

Own and improve infrastructure as code standards, reusable CDK constructs, deployment patterns, and environment consistency.
Support future infrastructure as code initiatives using Terraform, if adopted.
Manage AWS environments across core services such as IAM, VPC, EKS, ECS, Lambda, API Gateway, CloudFront, WAF, Route 53, S3, RDS, KMS, Secrets Manager, CloudWatch, Security Hub, GuardDuty, and AWS Config.
Manage and harden Kubernetes environments, including EKS clusters, container runtimes, workload identities, ingress controls, network policies, and image security.
Own cloud networking architecture, including VPCs, subnets, routing, security groups, private endpoints, WAF, and zero trust access controls.
Implement and enforce least-privilege IAM policies across AWS accounts, services, applications, and CI/CD workflows.
Build, maintain, and secure CI/CD pipelines using GitHub Actions.
Integrate security controls into CI/CD workflows, including Trivy, SAST, DAST, dependency scanning, container image scanning, infrastructure scanning, and secrets detection.
Use Datadog for logging, monitoring, alerting, dashboards, threat detection, and incident investigation.
Write and maintain automation scripts in Bash and Python to support AWS operations, CI/CD workflows, vulnerability management, security monitoring, and recurring operational tasks.
Support shift-left security by making secure development and deployment practices easy for developers to adopt.
Manage vulnerability management, patching cadence, and remediation tracking across infrastructure, containers, and application environments.
Conduct internal security assessments and coordinate external penetration tests and security reviews.
Respond to security incidents, lead post-mortems, document lessons learned, and drive remediation.
Support and maintain compliance programs, including SOC 2 Type II, PCI-DSS, and relevant financial technology requirements.
Own evidence collection, control mapping, auditor communication, and compliance documentation.
Maintain encryption-at-rest, encryption-in-transit, data residency, and key management standards.
Partner with legal, product, and engineering teams to assess third-party vendor security risk.
Produce practical runbooks, threat models, architecture diagrams, and security documentation that engineering teams can actually use.
Run periodic security awareness and secure engineering training sessions.