DevSecOps Engineer (Contract)

Ambient combines a decade of operational experience with design and engineering prowess to improve apartment living and management in the most impactful, cost-effective way possible.

The name "Ambient" embodies our vision to create a category-defining platform that seamlessly integrates smart technology into the built environment and transforms the way people live, visit, and work in multifamily communities. Our focus is on increasing the value of multifamily properties by making them more efficient to operate and more comfortable to live in.

Overview

We're looking for a DevSecOps Engineer to work with our engineering team on a contract basis. We look for strategic thinkers and creative problem solvers with a bias for execution.

Before applying, please note that is a remote contract position that can be held in either Brazil or Argentina.

Key Responsibilities:

• Security as Code: Implement security best practices within Infrastructure as Code (IaC) using Terraform for AWS-based environments.
• Kubernetes Security: Manage and secure Amazon EKS clusters, ensuring proper access controls, secrets management, and runtime security.
• Secrets Management: Implement and maintain HashiCorp Vault, AWS KMS, and AWS Secrets Manager for secure storage and retrieval of secrets.
• Shift Left Security: Integrate security early in the CI/CD pipelines using static code analysis, vulnerability scanning, and compliance checks.
• Secure Deployment Processes: Design and enforce security policies around containerized deployments and Kubernetes security best practices.
• Vulnerability & Application Security Testing: Automate security scanning tools like Snyk, Trivy, Checkov, SonarQube, or similar solutions.
• Automation & Scripting: Develop automation scripts in Python, Bash, or other scripting languages to streamline security processes.
• CI/CD Integration: Implement security controls within GitHub Actions and other CI/CD pipelines to ensure secure application delivery.
• Monitoring & Compliance: Set up security monitoring, logging, and alerting for compliance with SOC2, ISO 27001, and CIS benchmarks.
• Collaboration & Documentation: Work closely with DevOps, Security, and Engineering teams to define security guidelines and document security processes.

Required Skills & Qualifications:

• 5-7 years of experience in DevSecOps, Security Engineering, or related fields.
• Expertise in Terraform for IaC and managing AWS infrastructure securely.
• Strong hands-on experience with Amazon EKS and securing Kubernetes environments.
• Proficiency with HashiCorp Vault, AWS KMS, and AWS Secrets Manager for secret management.
• Experience in implementing Shift Left security strategies in software development.
• Hands-on experience with vulnerability and application security testing tools.
• Strong understanding of CI/CD pipelines and security automation using GitHub Actions.
• Proficiency in Python, Bash, or other scripting languages for automation.
• Experience deploying EDR/MDR/CNAPP tools and providing threat detection and mitigation strategies.
• Knowledge of compliance frameworks (SOC2, ISO 27001, NIST, CIS benchmarks) is a plus.
• Strong problem-solving skills and the ability to work in a fast-paced environment.

Preferred Qualifications:

• Experience with AWS Security Hub, GuardDuty, Cloudtrail, IAM policies and Crowdstrike, Wiz, and CloudTrail for security monitoring.
• Knowledge of policy-as-code tools like OPA (Open Policy Agent) for enforcing security policies.
• Familiarity with DevSecOps toolchains and threat modeling practices.

#ambient