Director of DevOps/SecOps

ServiceCore•Denver, CO

About The Position

ServiceCore is the leading field service software platform built for the portable sanitation and roll-off industries. We run two SaaS products - ServiceCore for liquid waste operators (portable sanitation & septic) and Docket for solid waste haulers (roll-off dumpster, commercial & residential waste) - serving thousands of operators across North America. Our software helps hardworking business owners save time, stay organized, and get paid faster by streamlining job management, route optimization, inventory tracking, and billing automation. Our customers work hard, and so do we—giving them tools to get more done with less stress. We live by our core values of Love Our Customers, Be Real, Give a Shit, Deliver Results and of course Keep it Fun. ServiceCore provides hard-working individuals the opportunity to work and grow within an agile, fast-paced start-up environment. We are proud of our accomplishments and take our jobs seriously while not taking ourselves too seriously. We believe in growing together, celebrating successes, and empowering each team member to make a real impact. We build big things, help hard-working people, and try to enjoy the journey. If that sounds like your kind of place, read on. We’re looking for a Director of Dev/SecOps to own the security posture and operational foundation across ServiceCore’s entire cloud environment. This is a security-first leadership role - you’ll be the person who makes sure we build and ship software the right way: securely, reliably, and at speed. You’ll be operating across two distinct cloud platforms: ServiceCore runs on AWS, while Docket runs on GCP with Firebase at its core. That means you’re not just securing one stack - you’re building a unified security program across two cloud providers, two codebases, and 20+ third-party integrations. We’re also an AI-first development organization, and that creates a genuinely new set of responsibilities for this role. We’re already using a wide range of AI tools across engineering; you’ll be the person who governs that toolchain: helping us evaluate what to adopt, setting the policies that protect our customers’ data, and making sure our AI usage doesn’t become a security liability as we scale. This role reports to senior leadership and owns the security roadmap end-to-end. It’s a builder role - you’ll inherit a solid foundation and have the mandate to make it great.

Requirements

10+ years of experience in DevOps, SecOps, or a combined DevSecOps role
3+ years in a leadership or management capacity with direct reports
Deep hands-on experience with AWS security: IAM, VPC, ECS, Lambda, SQS, RDS, DynamoDB, Secrets Manager, CloudWatch, CloudFormation
Meaningful experience with GCP and/or Firebase: Firestore security rules, Cloud Functions security, GCP IAM, service account management
Experience owning or significantly contributing to SOC 2 Type II audits
Strong background in securing CI/CD pipelines and containerized workloads (Docker, ECS or EKS)
Demonstrated experience governing third-party integrations and API security at scale
Working knowledge of SAST, DAST, SCA, dependency scanning, and secrets management tooling
A real point of view on AI tool security - you understand the risks of coding assistants, LLM APIs, MCP-connected agents, and AI embedded in developer workflows, and you know how to manage them without killing productivity
Ability to communicate risk and security concepts clearly to non-technical audiences and executives
Background in SaaS with understanding of multi-tenant security architecture

Nice To Haves

Relevant certifications: CISSP, AWS Security Specialty, Google Professional Cloud Security Engineer, CCSP, or equivalent
Experience with PCI-DSS compliance in a SaaS context
Familiarity with Cloudflare security features: WAF, Zero Trust, Workers, DDoS protection
Experience securing PHP legacy applications alongside modern microservices
Hands-on experience with vector database security (e.g., Qdrant) or AI/ML pipeline security
Experience defining data governance policies for AI tools in a software engineering organization
Background building DevSecOps functions from scratch at a growth-stage company

Responsibilities

AI Tool Governance & Security: Partner with the AI Council and Engineering Directors to build our AI tool evaluation framework - define the security, privacy, and compliance criteria we use to assess every new AI tool before adoption. Govern our multi-LLM provider relationships - review data processing agreements, audit data retention policies, and ensure contractual protections for customer data. Establish and enforce policies around what data can flow through AI services: PII boundaries, source code confidentiality rules, and customer data handling requirements for coding assistants, LLM APIs, and agentic tools. Define secure patterns for integrating LLM capabilities into our products - prompt injection defenses, output validation, model access controls, and logging/observability for AI-driven features. Build and maintain an AI tool inventory with risk classifications; lead periodic reviews as the landscape evolves. Partner with engineering and product to help us get the productivity benefits of AI without creating new risk exposure.
Security Leadership: Own and continuously improve our security posture across AWS and GCP/Firebase. Lead threat modeling, vulnerability management, and security incident response programs. Establish and enforce security policies, standards, and controls across the full SDLC. Champion a security-first engineering culture - make secure the path of least resistance for developers. Manage relationships with external auditors, penetration testers, and compliance bodies.
Compliance & Risk: Drive and maintain SOC 2 Type II compliance; own evidence collection and audit processes across both platforms. Manage PCI-DSS considerations across payment processor integrations. Build and maintain a risk register; proactively surface and prioritize risks to leadership. Own third-party vendor security reviews across our 20+ integration partners - including AI vendors. Monitor regulatory developments relevant to SaaS, AI, and the industries we serve.
DevOps & Platform Engineering: Secure CI/CD pipelines across both cloud environments - secrets management, dependency scanning, SAST/DAST. Lead infrastructure-as-code strategy and ensure security guardrails are built in by default. Own cloud security architecture. Secure Cloudflare CDN/WAF configuration, DDoS posture, and DNS hygiene. Drive incident response readiness: runbooks, on-call processes, post-mortems, and SLA accountability.
Team & Cross-Functional Leadership: Hire, develop, and lead a DevSecOps team; build the function on a strong foundation. Collaborate with engineering leads on architectural decisions that carry security implications. Report to senior leadership on security metrics, risk posture, compliance status, and AI tool governance. Serve as the internal expert and educator on security and AI risk topics across the organization.

Benefits

Base Salary: $190,000-$225,000 (Dependent on Experience)
14 Company Holidays in addition to an Open Time Off policy
Healthcare, dental and vision insurance with generous employer contributions
401(k) w/ match
Regular lunches and a fully-stocked kitchen (if in Denver)
Bi-weekly Grubhub lunch stipend for remote folks
Company-provided hardware of your choice/configuration
A Strong Company Culture that Lives by Our Core Values - Love our Customers, Be Real, Give a Shit, Deliver Results, and Keep it Fun.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume