Senior / Staff DevSecOps Engineer

Builds and owns security infrastructure including runtime security, IAM, secrets management, CI/CD hardening, and compliance for cloud/container environments. Embeds with engineering teams to enable secure-by-default development using AWS, Terraform, and policy-as-code tools. Requires 8+ years DevSecOps experience.

Arlington, VA | DevOps / SRE | Onsite | 8+ YOE

About the role

Responsibilities

  • Own runtime security and vulnerability management across cloud and container environments, including triage, prioritization, and remediation tracking.
  • Design and enforce identity and access management (IAM) across AWS and internal systems — least-privilege by default.
  • Own secrets and credentials management: policies, tooling, rotation, and developer workflows.
  • Lead security incident response: detection, containment, root cause analysis, and durable remediation.
  • Manage AWS Organization structure, account boundaries, SCPs, and guardrails.
  • Harden and maintain CI/CD pipelines, embedding security scanning and policy enforcement.
  • Drive compliance efforts — own the evidence, controls, and remediation work to meet relevant frameworks.
  • Build and maintain secure-by-default templates for repos, pipelines, and infrastructure modules.
  • Reduce friction through automation: certificate issuance, secrets access, policy-as-code, and developer-facing tooling.
  • Produce lightweight, practical security guidance for engineers.

Requirements

  • 8+ years in DevSecOps, platform security, or a related security engineering role.
  • Deep hands-on experience with AWS — IAM, SCPs, Organizations, security services (GuardDuty, Security Hub, CloudTrail).
  • Strong IaC experience with Terraform: enforcing security controls, policy-as-code (OPA, Checkov, tfsec), and continuous compliance (AWS Config Rules).
  • Experience owning secrets management end-to-end in production.
  • Proven track record designing and hardening CI/CD pipelines (GitHub Actions).
  • Hands-on with container security, including image scanning and runtime controls.
  • Experience leading or contributing to a compliance program; CMMC Level 2 or NIST SP 800-171 preferred.
  • Run incident response — on call, post-mortem, shipped fixes.
  • Strong communication skills to drive security adoption.

Nice To Haves

  • Experience growing a DSO or security engineering function.
  • Familiarity with observability tooling (LGTM stack) for security signals.
  • Background in configuration management (Ansible).
  • Experience with developer-facing security platforms or internal tooling.
  • Interest in growing into a lead or manager role.

Tech Environment

  • Cloud: AWS, Terraform, Ansible
  • Containers: Docker, Docker Compose
  • CI/CD: GitHub Actions
  • Vulnerability scanning: Trivy
  • Observability: Grafana, Loki, Tempo, Mimir
  • Alerting: PagerDuty
  • Languages: Go, TypeScript/Node, React, Python

Skills

AWS, Terraform, IAM, SCPs, GuardDuty, Security Hub, CloudTrail, OPA, Checkov, tfsec, GitHub Actions, Docker, Trivy, Ansible, PagerDuty
