Senior Platform Security Engineer (DevSecOps)

webAI•Austin, TX

About The Position

We are looking for a senior, mission-driven DevSecOps Engineer to partner closely with our security leadership and help build a world-class, resilient, and secure engineering ecosystem at webAI. This is not a “ticket-closing” role. This is a builder role. You will have a rare greenfield opportunity to design, implement, and own the core security systems that protect our company, our platform, and our customers. You will shape how security is embedded into our infrastructure, pipelines, and engineering culture from the ground up, without unnecessary bureaucracy or friction. If you thrive in ambiguity, care deeply about getting security right, and want real ownership over foundational systems, this role is for you.

Requirements

5+ years of hands-on experience in DevSecOps, Security Engineering, Platform Engineering, or SRE
Demonstrated success building and deploying security systems from the ground up
Strong automation skills with at least one scripting language (Python, Go, or similar)
Deep experience with Infrastructure as Code (Terraform strongly preferred; CloudFormation acceptable)
Strong cloud security experience, ideally in AWS
Experience securing containerized workloads (ECS and/or Kubernetes)
Solid understanding of security fundamentals including: Threat modeling, Incident response, Observability and detection and Runtime and infrastructure security

Responsibilities

Own and operate the core infrastructure that powers webAI’s security program, including security observability, detection, and protection platforms. Design systems that are resilient, scalable, and secure by default.
Lead the implementation of a unified logging and SIEM solution by partnering with engineering and platform teams to centralize application, infrastructure, and security logs in Datadog, enabling real-time monitoring, threat hunting, and incident response.
Build and maintain an automated Public Asset Inventory to provide a real-time view of webAI’s public-facing attack surface and eliminate shadow IT.
Embed security into the CI/CD pipeline by owning SAST, SCA, and DAST tooling and creating scalable workflows that ensure findings are effectively triaged and remediated with minimal developer friction.
Select, deploy, and own runtime protection tooling to enable runtime threat detection, file integrity monitoring, and micro-segmentation for containerized workloads.
Act as a senior security partner to engineering teams, providing guidance on secure architecture, leading threat modeling, supporting incident response, and shaping a strong, pragmatic security culture.