Senior DevSecOps Engineer

Vanilla Technologies
$180,000 - $210,000 | Remote

About The Position

We’re looking for a Senior DevSecOps Engineer to own and operate our security tooling, manage key vendor relationships, and drive our application and cloud security programs forward. This is a hands-on, high-ownership role: you’ll be the day-to-day operator of our security stack, the point person for our vCISO engagement, and the engineer building the processes that keep Vanilla’s platform and infrastructure secure. You’ll also own the operational cadence of our security program: managing vendor-led pen tests, running tabletop exercises, maintaining our incident response playbook, and building a multi-quarter security roadmap. This role is ideal for a strong DevOps or infrastructure engineer who is security-minded, eager to own a security program, and comfortable operating in a fast-moving Series B environment. You’ll report to the Director of Engineering and collaborate closely with our vCISO (Latacora) and external partners.

Requirements

  • Hands-on AWS experience: infrastructure, networking, and cloud security posture
  • Experience with infrastructure-as-code (Terraform or CloudFormation)
  • Strong understanding of IAM, network security, encryption, and secrets management
  • Hands-on vulnerability management experience: scanning, triage, remediation workflows
  • Experience with threat modeling, secure code review, and CI/CD security gating
  • Strong scripting and automation skills (Python, Bash, or similar)

Nice To Haves

  • Experience operating security tooling: EDR, SIEM, email security, WAF, or similar
  • Familiarity with SentinelOne, Sublime, Panther, or Cloudflare specifically
  • Prior incident response or tabletop exercise facilitation
  • Exposure to AI/ML security: LLM risks, securing inference endpoints, or data privacy in ML contexts
  • Experience in fintech, wealthtech, or other regulated industries
  • Familiarity with supply chain security

Responsibilities

  • Secure AWS infrastructure, systems, and networking
  • Review infrastructure-as-code (Terraform) changes for security implications
  • Support secrets management, IAM policy reviews, and encryption standards
  • Triage and respond to cross-team IT requests that carry security implications
  • Operate and tune security tooling including SentinelOne (EDR), Sublime (email security), Panther (SIEM), and Cloudflare
  • Monitor and triage security alerts across dedicated channels
  • Serve as the primary responder for cross-team security requests
  • Manage the vCISO relationship, including coordinating on cloud security posture, endpoint coverage, and SOC 24x7 operations
  • Own the annual penetration test lifecycle: vendor selection, scoping, coordination, remediation tracking, and reporting
  • Scope and coordinate AI red team engagements
  • Run tabletop exercises and maintain the incident response playbook
  • Build and maintain a multi-quarter security roadmap in partnership with engineering leadership
  • Own and evolve pre-deploy security gates across CI/CD pipelines
  • Run vulnerability management for libraries and application code: scanning, prioritization, and remediation workflows
  • Conduct threat modeling for new features, integrations, and architecture changes
  • Champion secure coding practices across engineering teams
  • Scope and coordinate AI red team exercises against Vanilla’s AI-powered features
  • Assess security of AI/ML pipelines, inference endpoints, and third-party AI vendor integrations
  • Implement and maintain guardrails for AI outputs, including controls against prompt injection and data exfiltration
  • Establish data governance practices for sensitive training data (PII/PHI in estate and financial documents)

Benefits

  • Flexible paid time off policy
  • 10 company-wide paid holidays
  • Parental leave, 6 weeks for all full-time employees and up to 14 weeks for birthing parents
  • Medical, dental, and vision benefits coverage for employees and their families
  • 401K eligibility after one month of employment
  • Free estate planning documents
  • Budget for learning & development
  • Budget for home office setup
  • Paid parking or transit for hybrid and in-office employees
  • Performance-based bonus
  • Equity