Posted on: 04/04/2026
Summary :
We're seeking a Senior DevSecOps Engineer to lead our security engineering and infrastructure automation practice. You'll design zero-trust cloud architectures, establish secure CI/CD practices, and mentor our engineering teams on embedding security into every stage of development.
This is a strategic, hands-on leadership role for someone who thinks in threat models, compliance frameworks, and architectural maturity, not just tactical security implementation.
In this role, you'll :
- Own security architecture decisions across our AWS infrastructure
- Design and enforce secure CI/CD pipelines and deployment practices
- Lead incident response and security operations
- Mentor engineering teams on secure coding and infrastructure hardening
- Establish security compliance and governance frameworks
- Drive organizational security culture and awareness
If you've architected zero-trust systems, led incident response teams, designed compliance frameworks, and automated security at scale, we want to talk to you.
Key Responsibilities :
Cloud Security Architecture & Design :
- Design and evolve zero-trust architecture principles across AWS, hybrid, and multi-cloud environments
- Conduct threat modeling, risk assessments, and security architecture reviews for critical systems and applications
- Define and implement cloud security compliance frameworks (SOC 2 Type II, ISO 27001, PCI-DSS, HIPAA, NIST CSF)
- Lead supply chain security initiatives: container image scanning, artifact signing, dependency provenance, SBOM management
- Design and govern Identity & Access Management (IAM) policies, role hierarchies, and cross-account access patterns
- Implement secrets management and cryptographic key lifecycle management across infrastructure
Secure CI/CD & DevSecOps :
- Architect secure CI/CD pipelines integrating security scanning, testing, and compliance checks at every stage
- Design and implement automated secrets management, credential rotation, and secure credential distribution
- Establish container security practices: image hardening, runtime scanning, policy-based admission controls
- Implement infrastructure scanning and compliance automation (IaC scanning, misconfiguration detection)
- Define and enforce security policies across deployment environments (dev, staging, production)
- Mentor development teams on secure coding practices and SIEM/logging integration
Infrastructure Automation & Operations :
- Design, build, and maintain scalable, secure AWS cloud infrastructure (VPC, IAM, networking, compute, storage, databases)
- Implement Infrastructure as Code (Terraform, CloudFormation) with embedded security controls and compliance checks
- Establish containerization and orchestration strategies (Docker, ECS, EKS) with security hardening at every layer
- Design and operate centralized logging, monitoring, and alerting (CloudWatch, Grafana, ELK, Prometheus, SIEM)
- Manage cloud cost optimization while maintaining security posture
- Establish disaster recovery, backup, and business continuity practices
Incident Response & Security Operations :
- Lead incident response program : design, testing, automation, and playbook development
- Conduct or coordinate penetration testing, vulnerability assessments, and red-team exercises
- Lead security incident triage, investigation, containment, and remediation
- Conduct post-incident reviews and establish systemic improvements
- Manage vulnerability remediation pipelines and SLA enforcement
- Monitor and respond to security alerts; establish security metrics (MTTR, false positive rates, vulnerability age)
Leadership, Mentoring & Cross-Functional Impact :
- Mentor engineering teams on secure infrastructure design, hardening, and operational security best practices
- Drive security culture and awareness across development, operations, and product teams
- Establish security metrics and KPIs for infrastructure and application security
- Lead cross-functional security initiatives with compliance, product, operations, and executive teams
- Stay current with cloud security threats, best practices, and emerging technologies
- Participate in security conferences, training, and professional development
Technical Skills Expected :
Security Architecture & Leadership (7+ years) :
- Threat modeling & risk management : STRIDE, attack trees, risk scoring, security architecture reviews
- Cloud security architecture : Zero-trust design, network segmentation, defense in depth, security layers
- Compliance & governance frameworks : SOC 2 Type II, ISO 27001, PCI-DSS, HIPAA, NIST Cybersecurity Framework, CIS Controls
- Identity & Access Management : IAM governance, MFA/2FA, identity federation, OAuth/SAML, cross-account access patterns
- Secrets management & cryptography : Key rotation, secrets vaults (HashiCorp Vault, AWS Secrets Manager), encryption strategies
- Incident response leadership : IR program design, automation, tabletop exercises, post-mortem facilitation
- SIEM/SOAR & security monitoring : Log aggregation, alert tuning, security event correlation, automated response
- Container & supply chain security : Image scanning, admission controllers, artifact signing, SBOM, artifact repository security
- Vulnerability management : Patch management, scan result triage, false positive reduction, remediation SLA enforcement
- Security compliance audits & assessments : SOC 2, ISO 27001, HIPAA audits, penetration testing coordination
- Certifications (preferred) : CISSP, CEH, CCSK, or equivalent security leadership certification
Cloud Infrastructure & Automation (7+ years) :
- AWS services in depth : EC2, VPC, IAM, RDS, S3, KMS, Secrets Manager, CloudWatch, VPC Flow Logs, Config, Security Hub, GuardDuty
- Infrastructure as Code : Terraform (advanced), CloudFormation, modules, state management, policy enforcement (Sentinel, OPA)
- CI/CD platforms : GitHub Actions, GitLab CI, Jenkins, AWS CodePipeline, AWS CodeBuild, CodeDeploy
- Containerization & orchestration : Docker (advanced), ECS, EKS, Kubernetes, image security, runtime policies
- Linux system administration : Process isolation, kernel security, SELinux/AppArmor, networking, package management
- Monitoring & observability : Grafana, Prometheus, CloudWatch, ELK Stack, Splunk, log analysis, custom alerting
- Networking : VPC design, subnetting, routing, firewalls, NACLs, security groups, load balancing, DDoS mitigation
Automation & Programming (For Infrastructure Code) :
- Languages/Scripting : Python, Bash, Go (for infrastructure tooling)
- API integration : REST/GraphQL APIs, SDK usage, webhook automation, event-driven workflows
- Configuration management : Ansible, Chef, Puppet (familiarity), GitOps principles
Preferred Qualifications :
- 8+ years in DevSecOps, cloud security engineering, or infrastructure security
- Experience leading incident response teams or security operations
- Contributions to open-source security or infrastructure projects
- Experience with multiple cloud providers (AWS, Azure, GCP)
- Background in application security or secure SDLC
- Previous security compliance audit experience (SOC 2, ISO 27001)
- Experience mentoring junior engineers on security best practices
What We're Looking For :
- A strategic thinker who sees security as an architecture problem, not a checklist
- A hands-on leader comfortable with infrastructure code, incident response, and mentoring
- A problem solver who automates security, reduces toil, and scales practices across teams
- A collaborator who can speak to developers, ops engineers, compliance, and executives
- A learner who stays current with cloud security, threat landscape, and emerging technologies
Posted by
Honey Sejwal
Managing Director at Unlink Technologies Private limited
Last Active: NA as recruiter has posted this job through third party tool.
Posted in
DevOps / SRE
Functional Area
DevOps / Cloud
Job Code
1626049