defcon
Country: USA
Salary: 175 000 $ – 215 000 $
Senior · Remote · Full-time

Senior DevSecOps / Platform Security Engineer (AWS + Kubernetes)

AI assessment

An excellent vacancy with a high, transparent salary, fully remote work, and an interesting technology stack. The company works on socially significant and technically complex problems in AI and optimization.


Vacancy from Quick Offer Global, a list of international companies

Job difficulty

AI assessment

The role requires deep knowledge of both DevOps (K8s, AWS, IaC) and information security, including compliance work (NIST, CMMC) and security automation. High responsibility for the production environment and participation in on-call rotations raise the barrier to entry.

Salary analysis

Median: 185 000 $
Market: 160 000 $ – 220 000 $
AI assessment

The offered range of $175k-$215k is at the upper end of the market for Senior DevSecOps specialists in the USA and at international companies, which matches the high level of requirements.

Cover letter

I am writing to express my strong interest in the Senior DevSecOps / Platform Security Engineer position at DEFCON AI. With over six years of experience in securing cloud-native environments, I have developed a deep expertise in building automated security guardrails within AWS and Kubernetes ecosystems. My background in implementing policy-as-code and securing CI/CD pipelines aligns perfectly with your mission to create resilient optimization for complex systems.

In my previous roles, I have successfully operationalized vulnerability management and integrated SAST/SCA tools into developer workflows, ensuring that security is a 'golden path' rather than a bottleneck. I am particularly drawn to DEFCON AI's focus on high-stakes, regulated environments and the opportunity to translate NIST and CMMC requirements into practical, automated controls. I am a hands-on engineer who thrives in remote, results-oriented environments and is eager to contribute to the reliability and security of your production systems.


Job description

ABOUT DEFCON AI

RESILIENCE IN THE FACE OF DISRUPTION. DEFCON AI is an insights company that leverages artificial intelligence, mathematical optimization, data analytics, and software engineering for resilient optimization of complex systems.

In today’s dynamically changing world, DEFCON AI’s technology aligns outcomes with operational goals, supports better decision making, and empowers customers to anticipate, assess, and mitigate the impacts of disruptions.

About the Role

We’re hiring a senior, hands-on DevSecOps/Platform Security Engineer to build and operate production security controls across our AWS and Kubernetes platform. You’ll design and implement guardrails that make secure delivery the default—covering CI/CD security automation, software supply chain controls, and Kubernetes policy enforcement—while partnering closely with Platform/SRE and Security/GRC.

What You'll Own: You'll have real ownership over critical platform security capabilities, including:

  • CI/CD security automation and developer-facing security workflows (SAST/SCA, secrets scanning, IaC scanning, container scanning).
  • Software supply chain controls (SBOM, artifact/image signing and verification, provenance and promotion workflows).
  • Kubernetes policy enforcement and admission controls (policy-as-code) that encode platform security guardrails.
  • Co-own AWS security guardrails with Platform/SRE (IAM patterns, logging and detection, network and encryption baselines).
  • Partner with Security/GRC on control interpretation and evidence needs; implement controls in engineering systems and pipelines.

What You’ll Do

  • Design, build, and maintain CI/CD security controls that scale across repositories and teams (reusable pipeline components, templates, and standards).
  • Implement Kubernetes security architecture and guardrails (RBAC hardening, workload security baselines, admission policies, network policies, and safe multi-tenant patterns as applicable).
  • Improve container security end-to-end: base-image strategy, vulnerability scanning, registry controls, image signing, and promotion workflows.
  • Operationalize vulnerability management with risk-based prioritization, measurable remediation SLAs, and dashboards/metrics (MTTR, exposure trends, top recurring root causes).
  • Drive developer enablement: clear documentation, lightweight design reviews/threat modeling for high-impact changes, office hours, and high-signal guidance embedded in tooling.

Real Production Responsibility: This role builds and runs production security systems.

  • You'll ship code and infrastructure, not just recommendations.
  • You'll own reliability and outcomes for the controls you build.
  • You'll respond to incidents and take part in the on-call rotation related to platform security controls and pipeline reliability (scope aligned with Platform/SRE).

Regulated Environment Support

This role supports delivery into regulated environments and works closely with Security/GRC to implement engineering-owned controls and produce audit-ready evidence. You’ll help translate requirements (for example, NIST SP 800-171 and CMMC expectations) into practical, automated guardrails within CI/CD, AWS, and Kubernetes.

What We’re Looking For (Required)

  • 5+ years of experience in DevOps/SRE/Platform Engineering and/or Security Engineering with a strong automation and delivery focus.
  • Hands-on experience securing AWS environments: IAM (least privilege), network controls, encryption (KMS), and centralized logging/detection.
  • Strong Kubernetes security experience (EKS or equivalent): RBAC, workload hardening, and policy enforcement via admission control.
  • Experience integrating security into CI/CD pipelines and developer workflows (SAST, SCA, secrets scanning, container scanning, IaC scanning).
  • Infrastructure as Code proficiency (Terraform, CloudFormation, CDK, or Pulumi) and ability to embed guardrails into IaC workflows.
  • Proficiency in scripting/coding (e.g., Python, Go, Bash) to build integrations, automations, and internal tooling.
  • Able to communicate risk and tradeoffs clearly and pragmatically to engineers; improves signal-to-noise rather than adding friction.

Nice to Have (Preferred)

  • Experience with Kubernetes policy-as-code tooling (OPA/Gatekeeper, Kyverno) and secure workload identity patterns (OIDC/IRSA).
  • Experience with software supply chain security: SBOM generation and management, signing/verification (e.g., cosign), and provenance concepts.
  • Experience building ‘golden paths’ or internal developer platforms that improve both delivery velocity and security outcomes.
  • Familiarity with regulated delivery expectations (NIST SP 800-171/CMMC) and evidence-driven control implementation.

How we work:

  • Pragmatic, automation-first approach: secure-by-default, low-friction workflows.
  • Partners closely with Platform/SRE and Security/GRC; clear ownership and measurable outcomes.
  • Focus on durable systems: guardrails, templates, and controls that scale across teams.

Other Qualifications

  • Analytical Aptitude: Possess keen analytical and problem-solving skills, coupled with the capability to understand complex software challenges and collaborate toward viable solutions.
  • Effective Communication: Skilled in distilling technical complexities into comprehensible terms for varied audiences.
  • Adaptive Nature: Resilience and adaptability in the face of an ever-changing tech landscape, with a knack for rapidly integrating new technologies and methodologies.
  • Agile Methodology Experience: An understanding and hands-on experience with agile development methodologies and version control tools.
  • Agility in Tech: Demonstrated adaptability in the fast-paced tech landscape, continually embracing and integrating new technologies and methodologies.
  • Education: While formal education in Computer Science or related fields is a plus, DefconAI values hands-on experience and demonstrable skills above all. Candidates with 6+ years of relevant experience will be considered regardless of their academic pedigree.
  • Continuous Learner: A commitment to perpetually update one's skill set, staying aligned with the latest in technology trends and best practices.

What We Offer:

  • A fully remote, results-based environment
  • Competitive salary, bonus, and equity package
  • 100% employer paid, comprehensive health insurance including medical, dental, and vision for you and your family
  • Unlimited PTO, with your manager’s approval
  • Flexible work environment where you manage your work day
  • 14 weeks of fully-paid parental leave

Salary range: $175,000-$215,000. This represents the typical salary range for this position based on experience, skills, and other factors.

We’re an Equal Opportunity Employer: You’ll receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.


*Applicant Data Disclosure*

By submitting an application, you acknowledge that Defcon AI uses third-party service providers to facilitate its recruitment and hiring processes. These providers include applicant tracking systems, candidate verification platforms, and fraud detection tools (collectively, "Hiring Platforms"). Your application materials, including your résumé, cover letter, work samples, responses to application questions, and any other information you submit, may be transmitted to and processed by these Hiring Platforms for the following purposes:

  • Managing and administering your application throughout the hiring process;
  • Verifying the accuracy and authenticity of application materials, including by cross-referencing information you provide against publicly available sources and proprietary databases;
  • Identifying indicators of potentially fraudulent, fabricated, or materially misleading application content, including but not limited to discrepancies between submitted materials and publicly available professional profiles, geographic anomalies, and fabricated work histories.

Applications that are flagged through this process as containing indicators of fraud or material misrepresentation may be declined from further consideration. If you have questions about the status of your application or the evaluation process, please contact recruiting@defconai.com.

Defcon AI requires its Hiring Platform providers to process your information solely for the purposes described above and in accordance with applicable law. Your information will be retained only for as long as necessary to fulfill these purposes and any applicable legal obligations, after which it will be deleted in accordance with Defcon AI's data retention policies.

For more information about how your data is used, please refer to our Privacy Policy and Applicant Privacy Notice.


Skills

  • AWS
  • Kubernetes
  • Docker
  • Terraform
  • Python
  • Go
  • CI/CD
  • IAM
  • EKS
  • SAST
  • SCA
  • SBOM
  • NIST 800-171
  • CMMC
  • CloudFormation
  • CDK
  • Pulumi
  • OPA
  • Kyverno

Possible interview questions

Tests practical experience with K8s security.

How would you implement and enforce security policies (for example, prohibiting containers from running as root) in a multi-cluster Kubernetes environment?

Assesses skills in automation and in integrating security into the development process.

Describe your approach to building 'golden paths' for developers that automatically include SBOM checks and image signing.

Tests understanding of cloud security specifics.

What strategies do you use to implement the principle of least privilege in AWS IAM for applications running in EKS?

Assesses experience in regulated industries.

Have you had experience preparing systems for NIST 800-171 or CMMC audits? How did you automate evidence collection?

Tests incident response skills.

Tell us about a complex security incident in cloud infrastructure that you encountered. How did you contain it, and what preventive measures did you put in place afterwards?
