Key skills
AssemblyAIAgenticSaaSCI/CDCollaboration
About this role
Assembly Software is a visionary technology company dedicated to revolutionizing the legal industry. They are seeking a Lead DevSecOps Engineer to manage production operations, infrastructure reliability, and platform security for their SaaS platform, ensuring it remains available and secure for thousands of customers.
Responsibilities:
- You'll be a primary operator for our production cloud environments — monitoring, triaging, and resolving incidents across application, database, and infrastructure layers
- When something breaks, you're the person who fixes it and then makes sure it doesn't break the same way again
- You'll manage database performance, scaling, tenant provisioning, and disaster recovery
- You'll help maintain and evolve our CI/CD infrastructure so that engineering teams can ship reliably and frequently
- You'll care about deployment safety, rollback capabilities, and making the path from code to production as smooth and secure as possible
- You'll execute security remediation, manage vulnerability response, conduct access control reviews, and support our SOC 2 Type 2 compliance program
- You'll build and maintain monitoring, alerting, and dashboards that give the team early warning before customers notice problems
- You'll drive root cause analysis and corrective actions that actually prevent recurrence
- You'll automate — using AI-powered tools to accelerate scripting, incident analysis, log review, resource optimization, and documentation
- You'll build agentic automation for repetitive operational tasks and help shape how our AI-augmented engineering practices evolve across the organization
Requirements:
- You have operated production cloud environments at scale and been the person responsible for keeping them running day after day
- You know relational databases in the cloud: performance tuning, scaling, multi-tenant recovery, and disaster response without reading the docs for the first time
- You've built and maintained CI/CD pipelines, managed deployment failures, and cared about what happens in the middle of a rollout
- You've written real infrastructure as code — provisioned and managed cloud resources using declarative tooling, understood state management and drift, and know the difference between 'it works in dev' and 'it's safe for production.'
- Security is part of how you operate, not someone else's concern: vulnerability management, access control, compliance documentation, and incident logging are part of your daily work
- You script and automate
- You use AI tools in your actual work — and you can tell us specifically what you've built with them and what you had to fix when the AI got it wrong
- You can be on-call
- You're US-based, with the timezone availability to support collaboration and incident response coverage