# Staff Security Engineer, DevSecOps (Corporate Security)
**Company:** [1Password](https://hotfix.jobs/companies/1password)
**Location:** Remote
**Salary:** $192K-$278K
**Experience:** 8+ years
**Skills:** Github Enterprise, GitHub Actions, CI/CD, Python, Bash, Terraform, Software Supply Chain Security, Sbom, Secret Scanning, Dependency Management, Ai Security, Branch Protections
**Posted:** 2026-05-02
> Leads DevSecOps function to secure developer environments, GitHub Enterprise, CI/CD pipelines, software supply chains, and AI-assisted development at scale. Requires 8+ years experience, deep GitHub expertise, and scripting skills to set engineering-wide standards without hindering velocity.
## Job Description
## Responsibilities
- Own the DevSecOps function: set technical direction, define operating model, drive developer security program.
- Own GitHub and CI/CD security: harden GitHub Enterprise, implement governance, repository standards, Actions security, audit visibility.
- Define AI-assisted development security: build guardrails, governance standards for AI coding tools and agentic workflows.
- Harden software supply chain: improve dependency hygiene, secret management, token governance, secure package consumption.
- Set standards engineering teams use: build secure templates, baseline configurations, developer-friendly guardrails.
- Partner with Platform Engineering: embed security in developer tooling and platform infrastructure.
- Elevate team: mentor engineers, distribute ownership, contribute to hiring.
- Support operations: participate in on-call rotations, contribute to investigations.

## Requirements
- Minimum 8+ years in security engineering, DevSecOps, platform security, securing developer environments, CI/CD, software supply chains.
- Deep expertise in **GitHub Enterprise** security: branch protections, secret scanning, access controls, repository standards, Actions security, audit logging.
- Design/implement CI/CD security controls without degrading developer velocity; experience with **GitHub Actions**.
- Software supply chain security: dependency hygiene (npm, pip), token/secret management, secure packages, **SBOM** generation.
- Experience with AI-assisted development security (Copilot, Cursor, Claude Code), policy/technical controls.
- Architectural decisions spanning teams; scalable, reusable security controls.
- Scripting/automation: **Python**, **Bash**, **Terraform**.
- Build alignment with engineering stakeholders, influence standards without authority.
- Track record of mentorship, documentation, growth opportunities.
- Experience with on-call rotations, investigations (developer tooling, source control, credentials).

## Compensation (USA)
- Base salary: $192,000 - $278,000 USD
- Benefits: health, dental, 401k, PTO, equity, incentives

## Compensation (Canada)
- Base salary: $167,000 - $242,000 CAD
- Benefits: health, dental, RRSP, PTO, equity
**Apply:** https://hotfix.jobs/jobs/staff-security-engineer-devsecops-corporate-security-at-1password-e96d14ec-9f48-4733-9329-f3c588470f86
**Canonical:** https://hotfix.jobs/jobs/staff-security-engineer-devsecops-corporate-security-at-1password-e96d14ec-9f48-4733-9329-f3c588470f86