Senior DevOps Engineer (Product Security)

RESPONSIBILITIES:

• Drive security governance across AWS environments, advocating for and implementing secure-by-default configurations, IAM access controls, and policy-as-code frameworks.
• Design and implement infrastructure as code using tools like Terraform and Spacelift to manage cloud infrastructure in a scalable and auditable way.
• Collaborate with Data Science, Platform, and Product teams to embed security into the software delivery lifecycle, CI/CD pipelines, and runtime environments
• Develop guardrails and monitoring to detect and prevent misconfigurations, insecure defaults, and policy violations.
• Implement and manage risk mitigation strategies for cloud infrastructure, including automated backups, disaster recovery planning, and data retention policies to ensure business continuity and data integrity.
• Act as a security champion, educating engineers and stakeholders on cloud security principles, secure infrastructure design, and compliance requirements.
• Participate in incident response and remediation efforts related to cloud or infrastructure security events.
• Support compliance initiatives (e.g., SOC2, GDPR, SaMD) by ensuring infrastructure controls are auditable, testable, and well-documented.

QUALIFICATIONS:

• 5+ years of experience in DevOps, Site Reliability, or Cloud Engineering roles, with a focus on securing cloud infrastructure.
• Expertise in AWS services and architectures, including networking, IAM, EC2, S3, RDS, CloudTrail, Config, IdentityCenter, Organizations and Lambda.
• Proven experience with infrastructure as code tools like Terraform (preferred), AWS CDK, or Pulumi in production environments.
• Strong foundation in cloud security best practices, including least privilege access, resource isolation, logging/monitoring, and vulnerability management.
• Hands-on experience with container orchestration and infrastructure platforms (e.g., Kubernetes, EKS).
• Strong scripting or programming skills in languages like Java, Python, Javascript, Go, and/or Bash.
• Familiarity with CI/CD pipelines, secrets management, and automated security scanning and monitoring tools (e.g., SAST, CNAPP, SIEM, etc).
• Bonus: Experience with modern web hosting technologies, including Cloudflare, CDN management, TLS/SSL certificate handling, and DNS configuration for scalable and secure application delivery.
• Bonus: Experience working in environments with SOC2, HIPAA, or GDPR compliance requirements.

ABOUT YOU:

• You’re a proactive problem-solver who thrives on ownership and is passionate about raising the security bar.
• You prioritize automation in everything you do, continuously seeking opportunities to streamline processes and eliminate manual steps through reliable, scalable tooling.
• You enjoy working cross-functionally and can clearly communicate complex security issues to both technical and non-technical stakeholders.
• You understand that security is a shared responsibility and believe in building guardrails over roadblocks.
• You value quality, reliability, and visibility as much as speed and scale.