Staff Software Engineer, Cloud FinOps
Staff-level engineer driving company-wide cloud cost optimization and FinOps initiatives across engineering teams. Requires 5+ years infrastructure experience and 2+ years FinOps/cloud cost management.
Senior / Staff DevSecOps Engineer
Builds and owns security infrastructure including runtime security, IAM, secrets management, CI/CD hardening, and compliance for cloud/container environments. Embeds with engineering teams to enable secure-by-default development using AWS, Terraform, and policy-as-code tools. Requires 8+ years DevSecOps experience.
Arlington, VADevOps / SREOnsite8+ YOE
About the role
Responsibilities
- Own runtime security and vulnerability management across cloud and container environments, including triage, prioritization, and remediation tracking.
- Design and enforce identity and access management (IAM) across AWS and internal systems — least-privilege by default.
- Own secrets and credentials management: policies, tooling, rotation, and developer workflows.
- Lead security incident response: detection, containment, root cause analysis, and durable remediation.
- Manage AWS Organization structure, account boundaries, SCPs, and guardrails.
- Harden and maintain CI/CD pipelines, embedding security scanning and policy enforcement.
- Drive compliance efforts — own the evidence, controls, and remediation work to meet relevant frameworks.
- Build and maintain secure-by-default templates for repos, pipelines, and infrastructure modules.
- Reduce friction through automation: certificate issuance, secrets access, policy-as-code, and developer-facing tooling.
- Produce lightweight, practical security guidance for engineers.
Requirements
- 8+ years in DevSecOps, platform security, or related security engineering role.
- Deep hands-on experience with AWS — IAM, SCPs, Organizations, security services (GuardDuty, Security Hub, CloudTrail).
- Strong IaC experience with Terraform; enforce security controls, policy-as-code (OPA, Checkov, tfsec), continuous compliance (AWS Config Rules).
- Experience owning secrets management end-to-end in production.
- Proven track record designing and hardening CI/CD pipelines (GitHub Actions).
- Hands-on with container security, including image scanning and runtime controls.
- Experience leading or contributing to compliance program; CMMC Level 2 or NIST SP 800-171 preferred.
- Run incident response — on call, post-mortem, shipped fixes.
- Strong communication skills to drive security adoption.
Nice To Haves
- Experience growing a DSO or security engineering function.
- Familiarity with observability tooling (LGTM stack) for security signals.
- Background in configuration management (Ansible).
- Experience with developer-facing security platforms or internal tooling.
- Interest in growing into lead or manager role.
Tech Environment
- Cloud: AWS, Terraform, Ansible
- Containers: Docker, Docker Compose
- CI/CD: GitHub Actions
- Vulnerability scanning: Trivy
- Observability: Grafana, Loki, Tempo, Mimir
- Alerting: PagerDuty
- Languages: Go, TypeScript/Node, React, Python
Skills
AWSTerraformIAMScpsGuarddutySecurity HubCloudtrailOpaCheckovTfsecGitHub ActionsDockerTrivyAnsiblePagerduty
Similar roles
DevOps / SRE jobsStaff Software Engineer, Core Reliability
Staff engineer on the Infra Reliability team improving system resiliency, deployment safety, and configuration management for Coinbase's production environment at massive scale.
Staff+ Software Engineer, Caching
Build and operate Anthropic's managed Redis caching layer and client libraries from the ground up. Drive technical direction for distributed caching infrastructure across multi-cloud environments with focus on consistency, performance, and developer experience.
Senior Staff Engineer, Platform R&D
Senior individual contributor embedded in Crusoe's Managed Platform Services team to accelerate delivery through rapid AI-augmented R&D, prototyping, and cross-domain technical leadership. Requires 10+ years experience with systems languages and cloud-native infrastructure.