Director of DevOps/SecOps

About The Position

Requirements

• 10+ years of experience in DevOps, SecOps, or a combined DevSecOps role.
• 3+ years in a leadership or management capacity with direct reports.
• Deep hands-on experience with AWS security: IAM, VPC, ECS, Lambda, SQS, RDS, DynamoDB, Secrets Manager, CloudWatch, CloudFormation.
• Meaningful experience with GCP and/or Firebase: Firestore security rules, Cloud Functions security, GCP IAM, service account management.
• Experience owning or significantly contributing to SOC 2 Type II audits.
• Strong background in securing CI/CD pipelines and containerized workloads (Docker, ECS or EKS).
• Demonstrated experience governing third-party integrations and API security at scale.
• Working knowledge of SAST, DAST, SCA, dependency scanning, and secrets management tooling.
• A real point of view on AI tool security, understanding the risks of coding assistants, LLM APIs, MCP-connected agents, and AI embedded in developer workflows, and knowing how to manage them without killing productivity.
• Ability to communicate risk and security concepts clearly to non-technical audiences and executives.
• Background in SaaS with understanding of multi-tenant security architecture.

Nice To Haves

• Relevant certifications: CISSP, AWS Security Specialty, Google Professional Cloud Security Engineer, CCSP, or equivalent.
• Experience with PCI-DSS compliance in a SaaS context.
• Familiarity with Cloudflare security features: WAF, Zero Trust, Workers, DDoS protection.
• Experience securing PHP legacy applications alongside modern microservices.
• Hands-on experience with vector database security (e.g., Qdrant) or AI/ML pipeline security.
• Experience defining data governance policies for AI tools in a software engineering organization.
• Background building DevSecOps functions from scratch at a growth-stage company.

Responsibilities

• Partner with the AI Council and Engineering Directors to build an AI tool evaluation framework, defining security, privacy, and compliance criteria for new AI tool adoption.
• Govern multi-LLM provider relationships, reviewing data processing agreements, auditing data retention policies, and ensuring contractual protections for customer data.
• Establish and enforce policies for data flow through AI services, including PII boundaries, source code confidentiality, and customer data handling for coding assistants, LLM APIs, and agentic tools.
• Secure MCP-connected agents with access to internal systems by defining least-privilege access models, audit trails, and data egress controls.
• Define secure patterns for integrating LLM capabilities into products, including prompt injection defenses, output validation, model access controls, and logging/observability for AI-driven features.
• Build and maintain an AI tool inventory with risk classifications and lead periodic reviews.
• Partner with engineering and product teams to leverage AI for productivity benefits while mitigating risk exposure.
• Own and continuously improve the security posture across AWS and GCP/Firebase.
• Lead threat modeling, vulnerability management, and security incident response programs.
• Establish and enforce security policies, standards, and controls across the full SDLC.
• Champion a security-first engineering culture, making secure practices the path of least resistance for developers.
• Manage relationships with external auditors, penetration testers, and compliance bodies.
• Drive and maintain SOC 2 Type II compliance, owning evidence collection and audit processes across both platforms.
• Manage PCI-DSS considerations across payment processor integrations.
• Build and maintain a risk register, proactively surfacing and prioritizing risks to leadership.
• Own third-party vendor security reviews for over 20 integration partners, including AI vendors.
• Monitor regulatory developments relevant to SaaS, AI, and the industries served.
• Secure CI/CD pipelines across both cloud environments, including secrets management, dependency scanning, and SAST/DAST.
• Lead infrastructure-as-code strategy and ensure security guardrails are built in by default.
• Own cloud security architecture.
• Secure Cloudflare CDN/WAF configuration, DDoS posture, and DNS hygiene.
• Drive incident response readiness, including runbooks, on-call processes, post-mortems, and SLA accountability.
• Hire, develop, and lead a DevSecOps team, building the function on a strong foundation.
• Collaborate with engineering leads on architectural decisions with security implications.
• Report to senior leadership on security metrics, risk posture, compliance status, and AI tool governance.
• Serve as the internal expert and educator on security and AI risk topics across the organization.

Benefits

• Base Salary: $190,000-$225,000 (Dependent on Experience)
• 14 Company Holidays in addition to an Open Time Off policy
• Healthcare, dental and vision insurance with generous employer contributions
• 401(k) w/ match
• Regular lunches and a fully-stocked kitchen (if in Denver)
• Bi-weekly Grubhub lunch stipend for remote folks
• Company-provided hardware of your choice/configuration
• A Strong Company Culture that Lives by Our Core Values - Love our Customers, Be Real, Give a Shit, Deliver Results, and Keep it Fun.