Counterpart is dedicated to helping small businesses grow with confidence through cutting-edge technology and insurance expertise. The Staff DevSecOps Engineer will own the company's security posture and lead the redesign of security measures to address evolving threats and compliance requirements, while also managing IT operations and platform infrastructure security.
Responsibilities:
- Own the organization's security posture. Define, implement, and maintain the controls, policies, and practices that keep Counterpart secure across human and agentic interactions
- Own our SOC 2 Type 2 and HIPAA compliance programs. Manage and automate audits, maintain evidence, and extend our compliance posture as the business and the threat surface grow
- Stay ahead of emerging threats and regulations. Continuously evaluate our security posture against new attack vectors, including data poisoning, adversarial inputs, and agent hijacking. Track how AI security standards and regulatory requirements are evolving and get ahead of them before they become mandatory
- Own IT operations end-to-end, from onboarding to offboarding. Manage and automate device procurement and provisioning, access controls, identity management, and the internal tooling stack
- Own platform infrastructure security as a hands-on member of the DevOps team
- Build and maintain sandbox architecture that allows safe experimentation without risking production systems
- Design and implement secure environments for AI agent workloads, including trust boundaries and defenses against prompt injection, data exfiltration, and other unexpected agent behaviors
Requirements:
- 10+ years in DevSecOps, security engineering, or a combination of DevOps, security, and IT roles
- Hands-on experience with cloud infrastructure and security on AWS
- Experience owning or co-owning SOC 2 and HIPAA compliance programs, not just contributing to them
- Experience managing IT operations, including device management, identity and access management, and internal tooling
- A solid foundation in security frameworks and compliance standards, including hands-on familiarity with AI agent risks such as prompt injection, data poisoning, and adversarial inputs. You think proactively about how emerging AI security standards and regulations affect an insurance technology company deploying agents
- The ability to communicate security risks clearly to non-technical stakeholders and translate compliance requirements into engineering decisions
- The drive to build a security function from the ground up and grow into owning it fully
- Domain curiosity about insurance. You either understand how insurance works or you are genuinely motivated to learn. Security decisions are better when you understand the business they protect
- Experience working with distributed, remote teams