Senior DevSecOps Engineer

About PactFi

Private asset markets (PE, Private Credit, VC, Real Estate) have 10x to 9.8T in AUM over the past decade and are projected to grow to $17T in the next five years. However, digital infrastructure has not kept pace, with most of the market operating predominantly in error-prone, internal-only software solutions.

PactFi provides secure, end-to-end, operational infrastructure for managing complex private credit transactions. Our web-based application brings together all parties involved in such a transaction to more efficiently allocate capital, complete KYC, share documents, manage funds flow, and more. The platform is secured to a bank-grade standard, and we have received our SOC 2 Type 2 attestation.

PactFi was developed in close partnership with two of the industry's largest players, both of whom represent the top 3 players in the private credit space by both size (AUM) and deal activity.

Overview

We're looking for a Senior DevSecOps Engineer to work closely with our Lead DevSecOps Engineer to improve the security, reliability, infrastructure, deployment, and operational maturity of our platform. This is a hands-on individual contributor role for someone who enjoys building, automating, securing, and improving production systems — not managing a team.

You'll strengthen our CI/CD workflows, AWS infrastructure, observability, SOC 2 readiness, business continuity, disaster recovery, and 24/7 on-call operations. The ideal candidate is experienced, practical, and collaborative — comfortable owning technical workstreams and helping engineering teams ship safely and efficiently.

What You'll Do

Infrastructure & Cloud Engineering

• Design, build, and improve secure, scalable AWS infrastructure using infrastructure-as-code (Terraform, Pulumi-Python).

• Improve cloud networking, IAM, secrets management, environment isolation, and secure configuration.

• Standardize provisioning, access control, auditability, and change management.

• Troubleshoot infrastructure issues and drive long-term fixes that reduce operational toil.

CI/CD & Developer Experience

• Build, maintain, and improve secure CI/CD pipelines for application, infrastructure, and platform deployments.

• Support container-based build and deployment workflows, including rolling updates and rollback strategies.

• Support Environment as a Service for the engineering and QA teams

• Reduce deployment friction while maintaining strong security and compliance controls.

Security, Compliance & SOC 2 Type 2

• Embed security controls into infrastructure, CI/CD pipelines, and cloud operations.

• Support SOC 2 Type 2 readiness through control implementation, evidence collection, access reviews, and audit support.

• Manage secrets, IAM, least-privilege access, and vulnerability management across containers, dependencies, and cloud services.

• Ensure sensitive data is protected across logs, pipelines, monitoring systems, backups, and AI-assisted workflows.

• Contribute to secure usage patterns for AI/ML tools and services, including data handling, vendor risk, access controls, and model boundary considerations.

Observability, Reliability & On-Call

• Build and improve observability across logs, metrics, dashboards, and alerts; maintain centralized logging pipelines.

• Define and maintain SLOs, SLIs, alerting standards, and escalation paths.

• Participate in a 24/7 production on-call rotation; support incident response, root-cause analysis, and postmortems.

• Create and maintain runbooks, playbooks, and operational documentation.

Business Continuity & Disaster Recovery

• Design, document, and improve BC/DR plans; support RTO/RPO planning for critical systems.

• Implement and test backup, restore, replication, failover, and recovery procedures.

• Identify single points of failure and drive remediation across infrastructure, data stores, and operational processes.

What We're Looking For

Experience & Technical Skills

• 6+ years in DevOps, DevSecOps, SRE, platform engineering, infrastructure, or security engineering.

• Strong hands-on AWS experience, including IAM, networking, logging, monitoring, and secure access patterns.

• Solid CI/CD pipeline development and release automation experience; container build and deployment workflows.

• Infrastructure-as-code with Terraform and/or Pulumi (Python); strong scripting in Python, Bash, or similar.

• Strong Ubuntu/Linux command-line experience.

• Strong networking fundamentals, including VPCs, DNS, TLS, routing, firewalls/security groups, load balancing, and private connectivity.

• Observability tooling: logs, metrics, dashboards, alerts, and operational visibility.

• Experience with secrets management, IAM, audit logging, vulnerability scanning, and secure configuration.

• Strong hands-on experience with AI tools (e.g. Claude, ChatGPT) and AI-assisted development workflows, including an understanding of related security and data-handling risks.

• Experience participating in 24/7 on-call operations and supporting high-reliability production systems.

Security & Compliance

• Hands-on experience supporting SOC 2 Type 2 and/or ISO 27001 frameworks.

• Experience implementing controls for access management, change management, incident response, logging, and data protection.

• Ability to translate compliance requirements into practical, repeatable technical controls.

• Experience in regulated or security-sensitive environments (fintech, healthcare, enterprise SaaS) is a strong plus.

Reliability & Collaboration

• Strong understanding of distributed systems, failure modes, and resilience; experience with SLOs/SLIs and incident management.

• Experience with backup, restore, failover, and disaster recovery procedures; familiarity with RTO/RPO planning.

• Strong communication skills; comfortable working closely with a technical lead while independently owning deliverables.

• Able to provide senior-level technical judgment and practical recommendations across DevSecOps, infrastructure, and security decisions.

• Ownership mindset, strong documentation habits, and comfort operating in high-accountability production environments.

Nice to Have

• Jenkins, Docker, Kubernetes (including security, admission controls, and network policies).

• AWS ECS Fargate, CloudWatch, ELK stack, Bedrock, Redis, redshift, and AWS Systems Manager (SSM).

• Experience with SOC 2 Type 2 audit support and automated compliance evidence collection.

• Disaster recovery testing, tabletop exercises, and production failover planning.

• Fintech or other regulated industry background.

• Bachelor's degree in Computer Science

What We Offer

• Competitive salary + equity.

• Healthcare coverage.

• 401k