Build and operate production security controls across our AWS and Kubernetes platform.
Design and implement guardrails that make secure delivery the default—covering CI/CD security automation, software supply chain controls, and Kubernetes policy enforcement.
Co-own AWS security guardrails with Platform/SRE (IAM patterns, logging and detection, network and encryption baselines).
Partner with Security/GRC on control interpretation and evidence needs; implements controls in engineering systems and pipelines.
Maintain CI/CD security controls that scale across repositories and teams (reusable pipeline components, templates, and standards).
Improve container security end-to-end: base-image strategy, vulnerability scanning, registry controls, image signing, and promotion workflows.

5+ years of experience in DevOps/SRE/Platform Engineering and/or Security Engineering with a strong automation and delivery focus.
Hands-on experience securing AWS environments: IAM (least privilege), network controls, encryption (KMS), and centralized logging/detection.
Strong Kubernetes security experience (EKS or equivalent): RBAC, workload hardening, and policy enforcement via admission control.
Experience integrating security into CI/CD pipelines and developer workflows (SAST, SCA, secrets scanning, container scanning, IaC scanning).
Infrastructure as Code proficiency (Terraform, CloudFormation, CDK, or Pulumi) and ability to embed guardrails into IaC workflows.
Proficiency scripting/coding (e.g., Python, Go, Bash) to build integrations, automations, and internal tooling.
Able to communicate risk and tradeoffs clearly and pragmatically to engineers; improves signal-to-noise rather than adding friction.

100% employer paid, comprehensive health insurance including medical, dental, and vision for you and your family
Unlimited PTO, with your manager’s approval
Flexible work environment where you manage your work day
14 weeks of fully-paid parental leave

Senior DevSecOps, Platform Security Engineer – AWS, Kubernetes

Key skills