Senior DevOps Engineer

While we're proud of what we've already accomplished, we're searching for new collaborators to help us get to the next level! If you're looking to join a forward-thinking, rapidly growing organization with helping people as its number one goal, we want to hear from you.

About the Role

We are looking for a Senior DevOps Engineer who specializes in AWS and containerized environments. Our team runs infrastructure as a software project, deploying cloud resources using Infrastructure As Code and a GITOPS model. We leverage best in class tools, and press to eliminate entire classes of problems, rather than execute one off remediations. Our company and team are growing, we need strong contributors for major initiatives. 

What We're Looking For

• 5+ years of experience in a DevOps or SRE role.
• Infrastructure as Code expertise (Terraform/Open Tofu, Helm).
• A strong Devops SDLC mindset.
• Seasoned in orchestrating project prioritization and guiding teams through execution.
• Strong focus on fostering collaboration and developing strategic roadmaps
• Extensive experience with AWS and its core services (ECS/EKS, S3, RDS, Lambda, Etc.).
• Solid experience with CI/CD tools (AWS Codepipeline, Spacelift, CircleCI).
• Strong experience with containerization technologies like Docker, ECS, and Kubernetes.
• Strong Debugging, Monitoring, and Triage skills.
• A track record of taking ownership of projects and seeing them through from design to production deployment.

What You'll Do

• Develop and maintain our cloud infrastructure, focusing on AWS services.
• Implement and maintain our Continuous Delivery pipelines to enable rapid and reliable software releases.
• Automate infrastructure provisioning and configuration using tools like Terraform or CloudFormation.
• Monitor system performance and troubleshoot issues, ensuring high availability and system reliability.
• Collaborate with engineering teams to optimize application performance and scalability.
• Implement and manage security best practices across our cloud environment.
• Promote and contribute to a High Quality Code Base through code reviews, best practices, and clean documentation.
• Rotating On-Call duties

Senior Application Security Engineer

While we're proud of what we've already accomplished, we're searching for new collaborators to help us get to the next level! If you're looking to join a forward-thinking, rapidly growing organization with helping people as its number one goal, we want to hear from you.

As our Senior Application Security Engineer, you will be the primary owner and driver of our application security program. You’ll work hands‑on with engineering teams to embed secure development practices, improve tooling and automation, and guide security considerations for new features, architectures, and services.

This is a high‑impact role where you’ll shape the future of AppSec at a company that values security as a core part of product quality.

What You’ll Do

Application Security Ownership

• Lead and evolve the company’s application security strategy, roadmap, and day‑to‑day operations.
• Serve as the primary AppSec partner for numerous dev teams working on Ruby on Rails web apps, React Native mobile apps, and various other projects including Python and Go.
• Provide security guidance during design, development, and code review for new features and projects.
• Drive adoption of secure coding practices and threat‑modeling across engineering teams.

Tooling & Automation

• Manage and optimize existing AppSec tooling, including:
  • GitHub Advanced Security (SAST, SCA, Secret Scanning)
  • Invicti (DAST)
  • Hadrian (ASM)
  • AppDome (mobile application security)
  • Cloudflare WAF
• Improve automation and integration of security tools into CI/CD pipelines.
• Identify and implement additional tools or processes to strengthen the security posture.

Secure SDLC & Developer Enablement

• Build and maintain secure development standards, playbooks, and training materials.
• Partner with engineering teams during sprint planning and feature design to proactively address risks.
• Conduct security reviews, code assessments, and vulnerability triage with development teams.

Cloud & DevOps Collaboration

• Work with DevOps to ensure secure AWS infrastructure deployments and configurations.
• Contribute to hardening efforts across ECS, IAM, networking, and supporting cloud services.
• Assist in designing and maintaining secure CI/CD workflows.

Incident & Vulnerability Management

• Lead or support investigation and remediation of application‑level vulnerabilities.
• Monitor, prioritize, and track findings from SAST/DAST/ASM tools.
• Collaborate with engineering to ensure timely and effective remediation.

What We’re Looking For

Required Skills & Experience

• 3–7+ years of experience in Application Security, Product Security, or related engineering roles.
• Strong understanding of secure coding practices, common vulnerabilities (OWASP Top 10), and modern SDLC.
• Experience working with cloud‑native applications, ideally in AWS.
• Understanding of SSL certificates & cryptographic key management
• Hands‑on experience with SAST, DAST, WAFs, and/or mobile application security tools.
• Ability to partner effectively with developers and influence secure design decisions.
• Familiarity with GitHub‑based workflows and CI/CD pipelines.

Nice to Have

• Development experience with Ruby on Rails or similar dynamic languages.
• Knowledge of AWS ECS/EKS, container security, secrets management and infrastructure‑as‑code (CloudFormation, Terraform).
• Experience building or maturing an AppSec program from early stages.
• SOAR Automation & Scripting experience
• Experience working in a PCI compliant environment working with annual reporting needs