Senior DevSecOps Engineer

About The Position

Requirements

• 6+ years in DevOps, DevSecOps, SRE, platform engineering, infrastructure, or security engineering.
• Strong hands-on AWS experience, including IAM, networking, logging, monitoring, and secure access patterns.
• Solid CI/CD pipeline development and release automation experience; container build and deployment workflows.
• Infrastructure-as-code with Terraform and/or Pulumi (Python); strong scripting in Python, Bash, or similar.
• Strong Ubuntu/Linux command-line experience.
• Strong networking fundamentals, including VPCs, DNS, TLS, routing, firewalls/security groups, load balancing, and private connectivity.
• Observability tooling: logs, metrics, dashboards, alerts, and operational visibility.
• Experience with secrets management, IAM, audit logging, vulnerability scanning, and secure configuration.
• Strong hands-on experience with AI tools (e.g. Claude, ChatGPT) and AI-assisted development workflows, including an understanding of related security and data-handling risks.
• Experience participating in 24/7 on-call operations and supporting high-reliability production systems.
• Hands-on experience supporting SOC 2 Type 2 and/or ISO 27001 frameworks.
• Experience implementing controls for access management, change management, incident response, logging, and data protection.
• Ability to translate compliance requirements into practical, repeatable technical controls.
• Strong understanding of distributed systems, failure modes, and resilience; experience with SLOs/SLIs and incident management.
• Experience with backup, restore, failover, and disaster recovery procedures; familiarity with RTO/RPO planning.
• Strong communication skills; comfortable working closely with a technical lead while independently owning deliverables.
• Able to provide senior-level technical judgment and practical recommendations across DevSecOps, infrastructure, and security decisions.
• Ownership mindset, strong documentation habits, and comfort operating in high-accountability production environments.

Nice To Haves

• Jenkins, Docker, Kubernetes (including security, admission controls, and network policies).
• AWS ECS Fargate, CloudWatch, ELK stack, Bedrock, Redis, redshift, and AWS Systems Manager (SSM).
• Experience with SOC 2 Type 2 audit support and automated compliance evidence collection.
• Disaster recovery testing, tabletop exercises, and production failover planning.
• Fintech or other regulated industry background.
• Bachelor's degree in Computer Science

Responsibilities

• Design, build, and improve secure, scalable AWS infrastructure using infrastructure-as-code (Terraform, Pulumi-Python).
• Improve cloud networking, IAM, secrets management, environment isolation, and secure configuration.
• Standardize provisioning, access control, auditability, and change management.
• Troubleshoot infrastructure issues and drive long-term fixes that reduce operational toil.
• Build, maintain, and improve secure CI/CD pipelines for application, infrastructure, and platform deployments.
• Support container-based build and deployment workflows, including rolling updates and rollback strategies.
• Support Environment as a Service for the engineering and QA teams
• Reduce deployment friction while maintaining strong security and compliance controls.
• Embed security controls into infrastructure, CI/CD pipelines, and cloud operations.
• Support SOC 2 Type 2 readiness through control implementation, evidence collection, access reviews, and audit support.
• Manage secrets, IAM, least-privilege access, and vulnerability management across containers, dependencies, and cloud services.
• Ensure sensitive data is protected across logs, pipelines, monitoring systems, backups, and AI-assisted workflows.
• Contribute to secure usage patterns for AI/ML tools and services, including data handling, vendor risk, access controls, and model boundary considerations.
• Build and improve observability across logs, metrics, dashboards, and alerts; maintain centralized logging pipelines.
• Define and maintain SLOs, SLIs, alerting standards, and escalation paths.
• Participate in a 24/7 production on-call rotation; support incident response, root-cause analysis, and postmortems.
• Create and maintain runbooks, playbooks, and operational documentation.
• Design, document, and improve BC/DR plans; support RTO/RPO planning for critical systems.
• Implement and test backup, restore, replication, failover, and recovery procedures.
• Identify single points of failure and drive remediation across infrastructure, data stores, and operational processes.

Benefits

• Competitive salary + equity.
• Healthcare coverage.
• 401k