Key skills
CloudJenkinsKubernetesPythonSDLCTerraformGoBashGitHub ActionsGitLab CICloudFormationGitHubGitLabGitOpsCI/CDRisk ManagementCloud Security
About this role
Role Overview
- Develop and implement security controls across CI/CD platforms including GitHub workflows, Jenkins, and internal build systems.
- Establish secure-by-default pipeline standards covering build isolation, artifact integrity, secrets management, and least-privilege access.
- Identify systemic supply chain risks and build scalable mitigations that prevent entire classes of vulnerabilities.
- Secure Kubernetes-based platforms across multi-cloud environments.
- Define security baselines for clusters, workloads, container runtimes, admission controls, and network segmentation.
- Perform security architecture reviews for complex CI/CD, cloud, and Kubernetes environments.
- Independently manage security risk by making defensible, risk-based decisions balancing business velocity and security posture.
- Recognize capability gaps and design new security solutions that increase coverage and effectiveness across multiple product areas.
- Serve as a trusted security advisor and technical lead within your domain.
- Establish yourself as a domain expert in CI/CD, supply chain, and cloud security.
Requirements
- Bachelor’s degree in Computer Science, Engineering, or related field
- 6+ years of experience in Product Security, Application Security, Cloud Security, or a related field
- Experience threat modeling for CI/CD and cloud-native systems
- Deep expertise in CI/CD systems such as GitHub Actions, Jenkins, GitLab CI, or similar platforms
- Strong experience securing Kubernetes and containerized workloads in cloud-native environments
- Hands-on knowledge of software supply chain security, artifact signing, and open-source risk management
- Experience implementing GitOps workflows and securing infrastructure-as-code (Terraform, CloudFormation, etc.)
- Strong programming or scripting ability (e.g., Python, Go, Bash) with experience building automation and security tooling
- Demonstrated ability to identify systemic risks and design scalable, automation-first mitigations
- Strong understanding of Secure SDLC practices and how security solutions reduce risk across large organizations
- Proven ability to influence engineering teams and serve as a technical leader without formal management authority.
Tech Stack
- Cloud
- Jenkins
- Kubernetes
- Python
- SDLC
- Terraform
- Go
Benefits
- Health insurance
- Retirement plans
- Paid time off
- Flexible work arrangements
- Professional development