DevSecOps Engineer

The Ideal Candidate

The ideal candidate is a senior, hands‑on DevSecOps Engineer with strong experience operating and securing cloud‑native production environments in regulated settings.

They have deep expertise in AWS, Kubernetes and Infrastructure as Code, and are comfortable owning production reliability, security monitoring, incident response and audit readiness (e.g. SOC2, PCI‑DSS). They favour automation over manual processes and take a pragmatic, security‑first approach to building and running scalable platforms.

This individual works well across engineering teams, communicates clearly in a distributed environment, and is confident mentoring others on secure infrastructure and DevSecOps best practices.

The Role

The DevSecOps Engineer's objective is to integrate security controls and maintain a highly available cloud infrastructure. You will ensure our platform remains secure, scalable, and compliant with relevant security standards (including SOC2 and PCI-DSS) by focusing on the running, securing, and monitoring of services in production.

Key Objectives:

• Production Excellence: Operate production environments with a "security-first" mindset, monitoring both availability and potential threats.
• Infrastructure as Code: Build and maintain secure IaC to manage platform scaling and consistency.
• Continuous Compliance: Ensure the success of security audits through automated compliance checks and rigorous evidence collection.
• Culture & Collaboration: Bridge the gap between development, security, and operations to foster a robust DevSecOps culture within the wider Engineering department.

Responsibilities

• Infrastructure Management: Manage core AWS services (EKS, RDS, S3, Lambda) with a focus on encryption, least-privilege access, and service reliability.
• Monitoring & Incident Response: Develop and refine strategies for monitoring system health and security events using tools like OpenSearch, Prometheus, and Grafana.
• Compliance & Auditing: Ensure all AWS environments meet relevant security standards. Implement and monitor "Policy as Code" using Terraform to automate audit-readiness.
• Deployment & Security Automation: Maintain configurations for automation tools, secure deployments, and vulnerability scans. Work with standardized SDLC tools to ensure consistent delivery to production.
• Cross-Team Collaboration: Work closely with the teams and Software Engineers to ensure application deployments are successful, working as intended, and compliant with security standards.
• Technical Mentorship: Provide leadership and guidance on secure infrastructure practices to other Software Engineers across the organization.
• This position involves on-call responsibilities: Responding to operational incidents when necessary. We aim to minimize unnecessary paging and build fault-tolerant systems that reduce operational load.

Skills and Experience

Successful candidates for this role will generally possess the following qualifications and skills:

• 5 years+ in a DevSecOps, SRE, or Cloud Engineering role, preferably in fintech or a highly regulated environment.
• Deep expertise in AWS (specifically IAM, EKS, VPC, S3, RDS, and EC2).
• Strong understanding of TCP/IP, DNS, firewalls, and security tools (e.g., WAF, KMS, Shield).
• Extensive experience with Docker and Kubernetes (EKS), including administration and deployment via Helm.
• Proficiency in Terraform for managing complex cloud environments.
• Experience securing and tuning PostgreSQL, MySQL, or MariaDB.
• Experience with GitLab CI, ArgoCD, or Atlantis.
• Proficiency in Python or Bash for automation tasks.

Personality Attributes

• Ability to thrive under the pressure of audit deadlines and production incidents.
• A strong preference for automated solutions over manual intervention.
• Strong communication skills for working with distributed teams across multiple time zones.