Key skills
DevOpsSite Reliability EngineeringPlatform EngineeringSecurity EngineeringAWS SecurityAWS IAMAWS Network ControlsAWS Encryption (KMS)AWS LoggingDetectionKubernetes SecurityKubernetes RBACKubernetes Workload HardeningKubernetes Admission ControlCI/CD Security AutomationSASTSCASecrets ScanningContainer ScanningInfrastructure as CodeTerraformCloudFormationCDKPulumiScriptingPythonGoBashSoftware Supply Chain SecuritySBOM GenerationArtifact/Image SigningVerificationProvenance WorkflowsNIST SP 800-171 ComplianceCMMC ComplianceAIArtificial IntelligenceAnalyticsAWSKubernetesEKSIAMCI/CD
About this role
Defcon AI is an insights company that leverages artificial intelligence and data analytics for resilient optimization of complex systems. They are seeking a Senior DevSecOps/Platform Security Engineer to build and operate production security controls across AWS and Kubernetes, focusing on CI/CD security automation and software supply chain controls.
Responsibilities:
- Design, build, and maintain CI/CD security controls that scale across repositories and teams (reusable pipeline components, templates, and standards)
- Implement Kubernetes security architecture and guardrails (RBAC hardening, workload security baselines, admission policies, network policies, and safe multi-tenant patterns as applicable)
- Improve container security end-to-end: base-image strategy, vulnerability scanning, registry controls, image signing, and promotion workflows
- Operationalize vulnerability management with risk-based prioritization, measurable remediation SLAs, and dashboards/metrics (MTTR, exposure trends, top recurring root causes)
- Drive developer enablement: clear documentation, lightweight design reviews/threat modeling for high-impact changes, office hours, and high-signal guidance embedded in tooling
- You'll ship code and infrastructure, not just recommendations
- You'll own reliability and outcomes for the controls you build
- You'll response to incidents and on-call rotation related to platform security controls and pipeline reliability (scope aligned with Platform/SRE)
- This role supports delivery into regulated environments and works closely with Security/GRC to implement engineering-owned controls and produce audit-ready evidence. You’ll help translate requirements (for example, NIST SP 800-171 and CMMC expectations) into practical, automated guardrails within CI/CD, AWS, and Kubernetes
Requirements:
- 5+ years of experience in DevOps/SRE/Platform Engineering and/or Security Engineering with a strong automation and delivery focus
- Hands-on experience securing AWS environments: IAM (least privilege), network controls, encryption (KMS), and centralized logging/detection
- Strong Kubernetes security experience (EKS or equivalent): RBAC, workload hardening, and policy enforcement via admission control
- Experience integrating security into CI/CD pipelines and developer workflows (SAST, SCA, secrets scanning, container scanning, IaC scanning)
- Infrastructure as Code proficiency (Terraform, CloudFormation, CDK, or Pulumi) and ability to embed guardrails into IaC workflows
- Proficiency scripting/coding (e.g., Python, Go, Bash) to build integrations, automations, and internal tooling
- Able to communicate risk and tradeoffs clearly and pragmatically to engineers; improves signal-to-noise rather than adding friction
- Experience with Kubernetes policy-as-code tooling (OPA/Gatekeeper, Kyverno) and secure workload identity patterns (OIDC/IRSA)
- Experience with software supply chain security: SBOM generation and management, signing/verification (e.g., cosign), and provenance concepts
- Experience building ‘golden paths' or internal developer platforms that improve both delivery velocity and security outcomes
- Familiarity with regulated delivery expectations (NIST SP 800-171/CMMC) and evidence-driven control implementation