
Staff DevSecOps Engineer
Posted 22 hours ago

This is a fully remote position, open to applicants in United States.
• Advocate for a security-first approach within the Engineering team to establish the security posture of our platform infrastructure, focusing on supply chain hardening, secrets management, IAM/IRSA, container image integrity, and vulnerability remediation within our AWS/EKS environment.
• Create and implement automation that ensures compliance evidence is continuous rather than manual, converting HITRUST controls into passing tests and structured outputs that integrate with our compliance tools (Vanta).
• Integrate security into the platform by default, making the secure path the easy path for application engineers through guardrails, policy-as-code, and thorough documentation.
• Collaborate with our Security team to convert threat assessments and identified control gaps into engineering proposals that include a clear scope, trade-offs, and suggested pathways forward.
• Oversee platform security initiatives from conception to operationalization, covering requirements, technical design, code and code review, deployment, and documentation.
• Contribute hands-on to the broader platform: CI/CD pipelines, container orchestration, observability, and developer tooling. This is an individual contributor role, not a governance position.
• Engage in an on-call rotation and take ownership of the systems you create, including managing production incidents.
• Guide engineers on security best practices and elevate the security standards across the team.
• 8+ years of experience in cloud-native infrastructure or platform engineering roles, demonstrating growth in technical scope and leadership.
• Practical expertise with AWS and Kubernetes (EKS) — you have operated these in a production environment, not merely deployed them.
• In-depth knowledge of security: you comprehend supply chain risks, IAM/zero-trust patterns, secrets management, and vulnerability management at the platform level, rather than just as theoretical concepts.
• Proven experience translating compliance frameworks (HITRUST, SOC 2, or equivalent) into tangible engineering controls — bonus points if you have worked with Vanta or similar compliance automation tools.
• Proficiency in infrastructure-as-code (Terraform/HCL) and at least one scripting language (Python, Go, or Node.js/TypeScript).
• Familiarity with modern CI/CD systems and the security implications they present, including pipeline integrity, artifact signing, and registry controls.
• Excellent written communication skills and a history of driving technical decisions in asynchronous, remote settings — you craft proposals rather than just exchanging Slack messages, and you turn those proposals into impactful outcomes.
• 100% remote-first culture (must reside in the US).
• Unlimited Flexible Time Off.
• 15+ Observed Holidays.
• Rest & R^Charge days (ensuring a guaranteed 3-day weekend each month).
• R^Charge (6 weeks paid sabbatical plus stipend).
• 401k match of 50% for up to 8% starting on Day 1.
• Medical/Dental/Vision Benefits effective on Day 1.
• HSA & FSA, Life, Disability, Medical Travel, and Employee Assistance Program.
• Paid Parental Leave (16 weeks).
• Productivity Stipend and Wellness Fund.
• Redox-provided MacBook.
• Virtual and/or in-person Team and Company Events.
• Stock Options.
• Employee Referral Bonus Program.