The DevSecOps Engineer will integrate security practices into the CI/CD pipeline, conduct security audits, and automate security tasks to ensure compliance with industry standards.
Roadie, a UPS company, is a leading logistics and delivery platform that helps businesses tackle the complexities of modern retail with unmatched delivery coverage, flexibility and visibility. Reaching 97% of U.S. households across more than 30,000 zip codes — from urban hubs to rural communities — Roadie provides seamless, scalable solutions that meet a variety of delivery needs.
With a network of more than 310,000 independent drivers nationwide, Roadie offers flexible delivery solutions that make complex logistics challenges easy, including solutions for local same-day delivery, delivery of big and bulky items, ship-from-store and DC-to-door. For more information, visit www.roadie.com.
We are looking for a DevSecOps Engineer that will be responsible for supporting and implementing all aspects of secure SDLC, including patching vulnerabilities in libraries, code, and conducting security audits. You will work closely with our development, operations, and security teams to ensure that our cloud infrastructure and Kubernetes deployments are secure, scalable, and efficient. Your primary responsibility will be to integrate security practices into the CI/CD pipeline, automate security tasks, and ensure compliance with industry standards.
What You’ll Do
- Work cross-functionally with the InfoSec, SRE, and Engineering teams
- Keep up to date with current vulnerabilities in the DevOps space, patch, mitigate, or procure acceptance of the vulnerability by InfoSec standards
- Check code and repositories for insecure coding practices and work with Engineering teams to remediate
- Work closely with InfoSec to create and maintain Secure SDLC training
- Conduct security based quality assurance on pre-deployment packages, and seek approval or denial of those deployments based upon security findings
- Conduct security based quality assurance such as dynamic and static code testing
- Work closely with Compliance and Engineering teams to conduct pre-project risk assessments
- Implement security checks and practices within CI/CD pipelines to ensure secure code deployment and infrastructure
- Develop automation scripts and tools to streamline security processes, including vulnerability scanning, patch management, and incident response
- Conduct security training and awareness programs for engineering teams to promote a security-first culture
What You Bring
- Bachelor's Degree in Computer Science/Engineering, or related work experience
- 3+ years development experience in an enterprise environment
- 2+ years security, risk, or compliance experience
- Strong knowledge of security tools and best practices, including vulnerability scanning (e.g., Nessus, Qualys), SAST/DAST, and container security tools
- Proficiency with scripting and automation languages, especially IaC such as Terraform, Crossplane, etc
- Experience with various development methodologies, tools, and CI/CD tools such as Bitbucket, Gitlab, Github, Circle CI, Travis CI, Argo CD, Azure DevOps
- Security and DevOps certifications strongly preferred
Why Roadie?
- Competitive compensation packages
- 100% covered health insurance premiums for yourself
- 401k with company match
- Tuition and student loan repayment assistance (that’s right - Roadie will contribute directly to your existing student loans!)
- Flexible work schedule with unlimited PTO
- Monthly 3-day weekends
- Monthly WFH stipend
- Paid sabbatical leave - tenured team members are given time to rest, relax, and explore
- The technology you need to get the job done
Similar Jobs
Information Technology • Consulting • Cybersecurity
Mid-level DevSecOps Engineer to extend and maintain a federal customer's secure infrastructure automation and CI/CD pipelines. Responsibilities include IaC with Terraform/OpenTofu, Ansible automation, GitHub Actions pipelines with embedded security gates, container hardening and scanning, Kubernetes/Helm support, and alignment with CIS and NIST security controls.
Top Skills:
AnsibleAWSBashCheckovCis BenchmarksDockerGithub ActionsGitleaksGrypeHashicorp VaultHelmKubernetesNist Sp 800-171Nist Sp 800-207Nist Sp 800-53Opa/RegoOpentofuPythonSemgrepTerraformTfsecTrivy
Computer Vision • Software
Join the CMS BDAMAX team to embed security into CI/CD and infrastructure, manage Terraform-based provisioning, integrate vulnerability findings into remediation workflows, support audit readiness and incident response, and enforce secure governance for AI platforms across a regulated federal environment.
Top Skills:
Amazon BedrockArgo WorkflowsAWSAws Security HubAws VpcCursorEc2EcsEksFargateFedrampFismaGeminiGithub CopilotJenkinsKubernetesRds Aurora PostgresqlRoute 53S3Secrets ManagerTerraform
Agency • Information Technology
Lead and mentor DevSecOps efforts across cloud environments: implement vulnerability scanning/remediation, certificate and key management, IAM, security monitoring analytics, automate secure CI/CD pipelines using IaC and tooling, and embed security into development lifecycle.
Top Skills:
Amazon AwsAnsibleApi SecurityAtlassian BitbucketBashCertificate ManagementContainer SecurityDigital.AiDynatraceElasticGCPGitlabGitlab CiGoogle KmsHashi VaultIacIbm GuardiumLinuxAzureNmapPacPrisma CloudPrisma ComputePrisma ScanningPythonTenableTerraformThalys Database ProtectionVenafiVulnerability Scanning
What you need to know about the Colorado Tech Scene
With a business-friendly climate and research universities like CU Boulder and Colorado State, Colorado has made a name for itself as a startup ecosystem. The state boasts a skilled workforce and high quality of life thanks to its affordable housing, vibrant cultural scene and unparalleled opportunities for outdoor recreation. Colorado is also home to the National Renewable Energy Laboratory, helping cement its status as a hub for renewable energy innovation.
Key Facts About Colorado Tech
- Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
- Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
- Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
- Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute
