Principal DevSecOps Engineer

How you embrace curiosity daily

• CI/CD Pipeline Security: Lead the implementation and maintenance of automated security controls (SAST, SCA, IaC scanning) within the build pipeline to identify vulnerabilities early in the software development lifecycle.
• Vulnerability Management Operations: Oversee the daily operational triage of security findings. You will focus on reducing noise by tuning scanners, filtering false positives, and routing valid issues to the appropriate engineering backlogs.
• Platform Hardening & Defense: Execute targeted remediation campaigns to address infrastructure risks (e.g., cloud storage configurations, IAM privileges, container security) and maintain perimeter defenses (AWS WAF, Shield).
• Engineering Enablement: Act as the primary technical consultant for development teams. You will troubleshoot security-related build failures and provide "secure-by-default" infrastructure templates to streamline secure development.
• Security Automation: Develop custom scripts and automation workflows to detect vulnerable components across repositories and integrate disparate security tools into a cohesive ecosystem.
• Remediation Verification: Close the loop on security risks by validating that deployed fixes effectively resolve identified vulnerabilities.

How you make your mark

• You reduce noise for our engineers by tuning scanners and filtering out false positives
• You act as the go-to technical consultant for teams looking to build more secure products
• You drive remediation campaigns that strengthen our perimeter defenses like AWS WAF and Shield
• You ensure our digital defenses stay agile and ready for any evolving threats
• You take ownership of the vulnerability lifecycle from initial discovery to the final fix
• You help foster a culture where every engineer feels empowered to prioritize security

What you bring to the team

• Professional Background: A strong foundation in DevOps or Platform Engineering with a demonstrated specialization in security.
• AWS Security Portfolio: In-depth, hands-on experience with the AWS Security ecosystem is a must. You should be proficient in deploying, tuning, and operationalizing services such as GuardDuty, Security Hub, Inspector, AWS WAF, Shield, and IAM Access Analyzer.
• Scripting & Automation: Proficiency in scripting languages is essential for building custom tooling and gluing systems together. You must be capable of writing robust code in languages such as Python and Bash.
• Technical Proficiency: Extensive experience with CI/CD workflows and Infrastructure as Code (IaC) tools such as Terraform.
• Automation Mindset: A proactive approach to problem-solving where you prioritize scripting and automation over manual verification.
• Operational Excellence: Proven experience in triaging security findings, managing vulnerability lifecycles, and driving remediation efforts.
• Collaborative Communication: The ability to articulate complex technical security issues to developers and act as a supportive partner in resolving them.

What sets you apart?

• Familiarity with container orchestration security (Kubernetes/EKS).
• Familiarity with using (agentic) AI to enhance good security practices.
• Experience managing bug bounty programs and triaging external vulnerability reports.
• Experience contributing to security awareness training programs for developers