Security & DevOps Engineer

About the position

Rive is a new way to build production-ready UI and graphics — with rich interactivity and state-driven animation. We're on a mission to make hard-coded graphics a thing of the past with a new general-purpose graphics format for all types of software and UI. Rive empowers teams to iterate faster and build better products. We’ve seen tremendous organic growth over the last few years. Our innovative customers include tech giants, game studios, consumer apps with millions of users… there are even Rive pixels in space! As our enterprise customer adoption increases so does our need for trust, security, SOC 2 and ISO 27001 certification. We're looking for a Security & DevOps Engineer who can help us continuously improve our infrastructure, implement best-in-class security practices, and lead our certification efforts. Help shape the security function as Rive grows - with the opportunity to grow into a security leadership role.

Responsibilities

• Lead Rive’s SOC 2, ISO 27001, and other security certification processes, partnering with external vendors and auditors.
• Maintain and document security policies, controls, and procedures across infrastructure and engineering.
• Monitor and maintain security posture (e.g. IAM, encryption, vulnerability scans, audit logs).
• Work with teams across the company to implement security-by-design practices.
• Be the point of contact for all presales customer security reviews.
• Own and improve our CI/CD pipelines, observability, and cloud infrastructure on AWS.
• Automate compliance requirements using tools like Vanta, Drata, or similar.
• Implement infrastructure-as-code practices and support secure deployment pipelines.
• Collaborate with engineering teams to ensure systems are secure, scalable, and maintainable.
• Conduct periodic risk assessments, access reviews, and incident response drills.
• Educate and empower the team to follow secure development and data handling practices.

Requirements

• 4+ years in DevOps, Infrastructure, or Security Engineering roles (ideally with a SaaS startup).
• Experience working with cloud platforms (AWS in particular), containerization, and modern CI/CD.
• Familiarity with security frameworks like SOC 2, ISO 27001, or NIST.
• Hands-on experience with compliance tooling (Vanta, Drata, Secureframe) and writing policies.
• Strong scripting/automation skills (Python, Bash, Terraform, etc.).
• Proactive communicator who can work autonomously, cross-functionally and translate security needs into practical solutions.

Benefits

• Comprehensive health, dental, and vision coverage.
• Stock options.
• Remote centric work environment.
• Fair and equitable compensation practices.