Senior Staff DevSecOps Engineer

As a Senior Staff DevSecOps Engineer, you’ll be responsible for protecting and securing Voltron Data. You'll work as a Tech Lead specializing in DevSecOps on the SecOps team and be responsible for corporate security and compliance initiatives within the company. You will be responsible for the research, architecture, development, and delivery of these focus areas and other security initiatives, either working solo or with other members of the SecOps team. Importantly, we are looking for a Security Engineer who does not work in silos and is willing to share knowledge and responsibilities with other team members, collaborating with DevOps, IT, and engineering teams for security initiatives. This includes working directly with project development teams and others to enable successful project implementation by applying the recommended security tools, technologies, and techniques.

NOTE: There will be an expectation of rolling incident response schedule sharing as a part of this role. This will be a shared responsibility with other SecOps and IT members.

Important Notes

• Due to some client commitments, we require this position to be a US Citizen.
• While the company is remote worldwide, hiring for this position will be focused around the Northeast region (Boston to DC) of the United States, with the aim of hiring in either the NYC or Pittsburgh areas.
• Additionally, you must have previous experience working at startups, with a preference for experience at an early-stage startup. Experience working with engineering teams within a software development firm is strongly preferred.
• There will be an expectation of rolling incident response schedule sharing as a part of this role. This will be a shared responsibility with other SecOps and IT members.

Role Expectations

As a DevSecOps-focused Senior Staff Security Engineer, you will be responsible for performing the following:

• Security Execution
• My work demonstrates broad and deep security domain expertise, and I successfully apply it across technology domains (e.g. software, networking, risk management, operating systems, etc.) to realize cross-functional security objectives and drive the maturity of the security team overall.
• I independently and proactively identify areas of security risk and future needs, reach out to the relevant teams, collaboratively design solutions to that risk, and successfully implement them sustainably that “permanently” reduce risk across entire classes of threats.
• I design, deliver, and drive solutions for significantly complex security and risk problems across Voltron Data organizations.
• I split my time into different areas, such as security solution design and/or security architecture, based on where my skills have the greatest impact (or in response to a security problem).
• I deliver solutions resistant to erosion of security controls over time and integrate ongoing testing strategies as part of the foundational design
• I own the response to extraordinary or otherwise sensitive security incidents.
• I adapt my role to the needs of an initiative, the security team, or a cross-functional partner team over time.
• I understand that technology, threats, and responses evolve and drive that evolution to create opportunities to improve security across Voltron Data.
• I motivate security controls that simplify, optimize, and prevent bottlenecks.
• Technology Fluency
• I apply a comprehensive understanding of the Voltron Data technology stack and relevant external technologies within my focus. I both maintain awareness and ensure my organization is aware of changes as they occur. I influence partner organizations' design and architecture choices.
• I understand that technology, threats, and responses evolve and use that evolution to identify opportunities to improve security controls accordingly.
• Threat Fluency
• I deeply understand attacker tools, techniques, and processes (TTPs) and an extensive array of defenses/mitigations for them.
• I am deeply aware of the kinds of defenses and their efficacy in mitigating attacks relevant to Voltron Data Security.

Career Paths

This Senior Staff Security Engineer role has two career paths: continuing at this level as a Tech Lead or progressing to the next level (Principal Security Engineer, also as a Tech Lead). At Voltron Data, we want you to know the available career paths so we can find a long-term fit for candidates both today and in the future. Expect to discuss this in our interviews to learn your expectations for this role.

Necessary Skills

• Proficiency with scripting languages Python & Bash, including using GitHub for source control.
• Experience with Terraform or OpenTofu for IaC.
• Linux system administration experience; Ubuntu and Rocky Linux preferred.
• Familiarity with securing containerized infrastructure and Kubernetes in cloud/bare-metal environments.
• Hands-on experience with security tools (Datadog, Crowdstrike, or equivalents) and command-line tools for audits, pen testing, and investigations.
• Understanding of GitHub Advanced Security or equivalent SAST/vulnerability tooling stack.
• Prior experience with Zero Trust systems and workflows.

Previous Experience 

• History as a Tech Lead in SecOps, preferably in a DevSecOps role.
• Experience with software engineering teams to develop plans for application security and ensure a secure environment.
• Performs business case analysis and feasibility, including the examination of costs, benefits, and risks associated with the proposed investment or project. Recommends alternatives for solutions and highlights strategic implications.
• Architects, designs, implements, supports, and evaluates secure, infrastructure-focused tools and services.
• Ability to clearly articulate and write requests, needs, requirements, and documentation 
• Experience with navigating and earning certifications such as SOC II, ISO 27001, NIST CSF, etc.; in addition to GDPR, US Data Privacy, and other legal frameworks.
• Deployment of vulnerability remediation systems and workflows.
• Familiarity with cloud services (AWS, Azure, GCP, and/or others) and remote infrastructure in a colocation environment, implementing tailored security controls in each environment.
• Experience working for a remote company and hands-on exposure with a global remote user base.

US Compensation

The salary range for this role is between $150,000 and $220,000. We have a global market-based pay structure that varies by location. Please note that the base pay range is a guideline, and for candidates who receive an offer, the exact base pay will vary based on factors such as the candidate's actual work location, skills, and experience. This position is also eligible for additional incentives such as equity awards.