Senior DevSecOps Engineer

Atlas Travel & Technology Group Inc•Virtual Employee, Remote, Remote, US, Remote

15h•Hybrid

About The Position

This position reports to: Director of Engineering. Overview: At Atlas Travel & Technology Group, our purpose is to Stand-Up, Stand-Out. To do something every day that makes the next day better for all. We value creativity to build new paths forward, collaborate respectfully, have the drive to get up and do it, open ourselves to grow, do what we say, love what we do, and have fun along the way. This is who we are, our culture. Atlas Travel is a technology-driven corporate travel management company operating at the intersection of travel, payments, and embedded finance. As we continue scaling our engineering organization and financial services platform, we’re looking for a Senior DevSecOps Engineer to help build the infrastructure, security, and operational foundations that support the next stage of growth. This is a high-autonomy, greenfield role. You’ll be our first dedicated DevSecOps engineer, responsible for improving the reliability, security, scalability, and cost efficiency of our cloud environment and delivery pipelines. You’ll work across engineering and IT to establish operational standards, automate security and compliance workflows, and build the tooling and processes that allow teams to move quickly without compromising security or stability. Foundational tooling and platforms already exist, but the operational maturity, automation, governance, and standardization behind them are still evolving. This role is responsible for helping turn a growing engineering environment into a scalable, reliable, and audit-ready platform. You’ll sit within Engineering with a dotted line to IT, partnering closely with teams that build software, operate infrastructure, and manage sensitive customer and financial data.

Requirements

5+ years of hands-on experience in DevOps, Platform Engineering, or DevSecOps roles supporting production environments.
Strong experience operating cloud infrastructure in GCP, AWS, or Azure, including provisioning, networking, IAM, monitoring, and cost management.
Experience building and maintaining CI/CD pipelines using GitHub Actions or comparable tooling.
Hands-on experience with Terraform, Docker, and Kubernetes in production environments.
Experience implementing security tooling, vulnerability management processes, and operational remediation workflows.
Experience administering Okta or a comparable enterprise identity provider.
Experience supporting or implementing security and compliance controls aligned to PCI, SOC 2, ISO 27001, or similar frameworks.
Strong troubleshooting, incident response, and operational problem-solving skills.
Ability to work cross-functionally with engineering, IT, and leadership teams.
Ability, to communicate in standard business English both written and spoken.
Ability to read and comprehend simple instructions, correspondence and memos.
Ability to effectively present information in one-on-one, small group situations to customers, clients and other employees of the organization.

Nice To Haves

Direct experience operating workloads in Google Cloud Platform.
Experience with SentinelOne or comparable endpoint security platforms.
Experience supporting regulated or fintech environments handling sensitive financial or customer data.
Experience building or maturing infrastructure and security practices in a growing engineering organization.
Familiarity with SIEM platforms, centralized logging, and threat detection workflows.
Experience improving cloud cost governance and operational efficiency at scale.

Responsibilities

Build and evolve infrastructure standards across our Google Cloud Platform environments.
Manage infrastructure-as-code using Terraform and improve consistency, reliability, and repeatability across environments.
Build and maintain CI/CD pipelines in GitHub Actions to improve deployment reliability, release velocity, and developer experience.
Operate and optimize containerized workloads using Docker and Kubernetes.
Improve observability, operational monitoring, and production reliability across systems and services.
Improve the security posture of our cloud and application environments through hardening, automation, and continuous remediation.
Establish and operate a vulnerability management program with defined remediation SLAs and measurable operational reporting.
Deploy and maintain endpoint protection and detection tooling, including SentinelOne.
Partner with engineering teams to remediate infrastructure and application security findings.
Implement and operationalize security controls supporting PCI, SOC 2, and ISO 27001 requirements.
Improve logging, alerting, and threat detection capabilities across the environment.
Administer and improve our Okta environment in partnership with IT, including SSO configuration, lifecycle automation, provisioning workflows, and access policy enforcement.
Build and automate access review and audit workflows that improve governance while reducing manual overhead.
Help evaluate and implement security and governance tooling that improves visibility, auditability, and operational maturity.
Lead technical investigations into security and infrastructure incidents, including triage, containment, root cause analysis, and remediation.
Develop runbooks and operational procedures that improve response consistency and reduce recovery time.
Coordinate and support external penetration testing engagements and drive remediation efforts through closure.
Partner with engineering teams to improve resilience and reduce recurring operational and security risks.
Improve visibility into cloud spend through tagging, reporting, alerting, and budgeting practices.
Identify opportunities for rightsizing, waste reduction, and operational efficiency across our GCP environment.
Partner with engineering leadership to ensure infrastructure scales predictably and cost-effectively.