Staff DevSecOps Engineer

Champion a security-first mindset within Engineering to help set the security posture of our platform infrastructure — supply chain hardening, secrets management, IAM/IRSA, container image integrity, and vulnerability remediation across our AWS/EKS environment

Design and build automation that makes compliance evidence continuous, not manual — translating HITRUST controls into passing tests and structured outputs that flow into our compliance tooling (Vanta)

Embed security into the platform by default: make the secure path the easy path for application engineers, through guardrails, policy-as-code, and well-documented patterns

Partner with our Security team to translate threat assessments and control gaps into engineering proposals with clear scope, tradeoffs, and recommended paths forward

Lead platform security initiatives from design to operationalization — requirements, technical design, code and code review, deployment, and documentation

Contribute hands-on to the broader platform: CI/CD pipelines, container orchestration, observability, and developer tooling — this is an IC role, not a governance role

Participate in on-call rotation and own the systems you build, including production incidents

Mentor engineers on security practices and raise the security baseline across the team

8+ years in cloud-native infrastructure or platform engineering roles, with demonstrable progression in technical scope and leadership

Hands-on expertise with AWS and Kubernetes (EKS) — you've operated these in production, not just deployed them

Security depth: you understand supply chain risk, IAM/zero-trust patterns, secrets management, and vulnerability management at the platform level — not just as concepts

Experience translating compliance frameworks (HITRUST, SOC 2, or equivalent) into concrete engineering controls — bonus if you've worked with Vanta or similar compliance automation tooling

Fluency in infrastructure-as-code (Terraform/HCL) and at least one scripting language (Python, Go, or Node.js/TypeScript)

Experience with modern CI/CD systems and the security surface they introduce — pipeline integrity, artifact signing, registry controls

Strong written communication and a track record of driving technical decisions in async, remote environments - you write proposals, not just Slack messages, and convert them to impact

AWS, Docker, EKS

GitHub Actions (CI), ArgoCD (CD)

Kyverno, Karpenter, KEDA, VPA, Velero, Crossplane

Prometheus, Grafana, InfluxDB, Sumo Logic and Mimir

Terraform, helm and Atlantis

Postgres, Redis

Kafka

Security vulnerability reporting tools

Experience in a fully remote, growth-stage, or regulated-industry company

Developer enablement work — you've thought about the internal developer experience, not just the ops side

Go, Node.js, or TypeScript — we're a TypeScript shop and it helps to be comfortable there

Vanta or similar compliance automation tooling

VPN administration or enterprise network security experience

Dependency management tooling (Renovate, Dependabot)