DevSecOps Engineer

We are looking for an experienced DevSecOps Engineer to drive the security, reliability, and operational excellence of Bobsled's data-sharing platform. You'll apply your expertise to complex technical and business challenges, ensuring that our infrastructure and pipelines are not only highly available and scalable but also secure by design.

Please note: This role is open exclusively to candidates located in the Central Time (CT) or Eastern Time (ET) zones in the USA or Canada.

This role blends the disciplines of Site Reliability Engineering (SRE), Traditional DevOps, and Security, and you will play a key role in securing Bobsled's multi-cloud environment (GCP, AWS, Azure, Cloudflare, Snowflake, Databricks, Oracle Cloud Infrastructure). Your work will have a direct and massive impact on the way organizations securely share and collaborate on data across the world.

As an early hire, you will also play a pivotal role in shaping our team culture, fostering a collaborative environment, and assessing engineering candidates.

• Security-First Engineering: Integrate security best practices into CI/CD pipelines, infrastructure as code (IaC), and operational processes.
• Cloud Security: Ensure Bobsled's multi-cloud infrastructure follows security best practices, including identity and access management (IAM), network security, and encryption.
• Infrastructure and Application Security: Design and implement secure, scalable, and reliable systems while enforcing policies around least privilege, zero trust, and compliance frameworks.
• Secure CI/CD Pipelines: Build and maintain pipelines that ensure safe, compliant, and automated deployment of infrastructure and applications.
• Incident Response & Threat Detection: Establish and continuously improve incident response processes, threat detection, and security observability for our cloud environments.
• Monitoring & Observability: Develop robust monitoring, logging, and alerting systems for both security and reliability, ensuring visibility into infrastructure and application health.
• Secrets & Credential Management: Implement and manage secure handling of credentials, keys, and secrets in alignment with best practices.
• Risk & Compliance Awareness: Work cross-functionally to align with security frameworks (SOC 2, ISO 27001, etc.) and assist in compliance efforts.

• 8+ years of experience in SRE, DevOps, or DevSecOps, managing distributed cloud-native systems in production.
• Strong background in cloud security principles, with hands-on experience securing AWS, GCP, Azure, and/or OCI environments.
• Proficiency in Infrastructure as Code (IaC) tools like Terraform (CDKTF), and experience with Typescript or other modern programming languages.
• Expertise in security monitoring and incident response, including logging, SIEM solutions, and forensic analysis.
• Deep understanding of modern IAM, role-based access control (RBAC), and secrets management (e.g., HashiCorp Vault, AWS Secrets Manager).
• Experience designing hardened CI/CD pipelines that enforce security policies and compliance requirements.
• Knowledge of security compliance frameworks such as SOC 2, NIST, ISO 27001 is a strong plus.
• Experience with serverless security, container security (Kubernetes, Docker), and cloud-native security tooling is a plus.

• Salary: $150-200K, dependent on experience
• Equity: 0.1-0.25%, dependent on experience
• Health Insurance: Medical (100% paid), dental, and vision benefits for you and your family
• Generous PTO policy and paid parental leave
• Fully upgraded Apple MacBook and 4K monitor (for engineering team only)
• Home office stipend of $1,000
• Flexible work hours in a fully remote work environment
• Fully sponsored individual coaching for all employees to help foster a culture of personal reflection and growth (optional but encouraged)

We know that no candidate is perfectly qualified for any job. Experience comes in different forms, and many skills are transferable. More important than your resume is a clear demonstration of skill, dedication, and the ability to thrive in a collaborative environment.

If you're passionate about cloud security, operational excellence, and building secure, scalable systems, we'd love to hear from you!