
Senior DevSecOps / Platform Security Engineer (AWS + Kubernetes)

DEFCON AI


Technical Requirements

AWS, Kubernetes, IAM, Terraform, Python, Go, CI/CD Security, RBAC

About the Role

We’re hiring a senior, hands-on DevSecOps/Platform Security Engineer to build and operate production security controls across our AWS and Kubernetes platform. You’ll design and implement guardrails that make secure delivery the default—covering CI/CD security automation, software supply chain controls, and Kubernetes policy enforcement—while partnering closely with Platform/SRE and Security/GRC.

What You'll Own:

You'll have real ownership over critical platform security capabilities including:

  • CI/CD security automation and developer-facing security workflows (SAST/SCA, secrets scanning, IaC scanning, container scanning).
  • Software supply chain controls (SBOM, artifact/image signing and verification, provenance and promotion workflows).
  • Kubernetes policy enforcement and admission controls (policy-as-code) that encode platform security guardrails.
  • Co-own AWS security guardrails with Platform/SRE (IAM patterns, logging and detection, network and encryption baselines).
  • Partner with Security/GRC on control interpretation and evidence needs; implement controls in engineering systems and pipelines.

What You’ll Do

  • Design, build, and maintain CI/CD security controls that scale across repositories and teams (reusable pipeline components, templates, and standards).
  • Implement Kubernetes security architecture and guardrails (RBAC hardening, workload security baselines, admission policies, network policies, and safe multi-tenant patterns as applicable).
  • Improve container security end-to-end: base-image strategy, vulnerability scanning, registry controls, image signing, and promotion workflows.
  • Operationalize vulnerability management with risk-based prioritization, measurable remediation SLAs, and dashboards/metrics (MTTR, exposure trends, top recurring root causes).
  • Drive developer enablement: clear documentation, lightweight design reviews/threat modeling for high-impact changes, office hours, and high-signal guidance embedded in tooling.

Real Production Responsibility:

This role builds and runs production security systems.

  • You'll ship code and infrastructure, not just recommendations.
  • You'll own reliability and outcomes for the controls you build.
  • You'll respond to incidents and take part in an on-call rotation for platform security controls and pipeline reliability (scope aligned with Platform/SRE).

Regulated Environment Support

This role supports delivery into regulated environments and works closely with Security/GRC to implement engineering-owned controls and produce audit-ready evidence. You’ll help translate requirements (for example, NIST SP 800-171 and CMMC expectations) into practical, automated guardrails within CI/CD, AWS, and Kubernetes.

What We’re Looking For (Required)

  • 5+ years of experience in DevOps/SRE/Platform Engineering and/or Security Engineering with a strong automation and delivery focus.
  • Hands-on experience securing AWS environments: IAM (least privilege), network controls, encryption (KMS), and centralized logging/detection.
  • Strong Kubernetes security experience (EKS or equivalent): RBAC, workload hardening, and policy enforcement via admission control.
  • Experience integrating security into CI/CD pipelines and developer workflows (SAST, SCA, secrets scanning, container scanning, IaC scanning).
  • Infrastructure as Code proficiency (Terraform, CloudFormation, CDK, or Pulumi) and ability to embed guardrails into IaC workflows.
  • Proficiency scripting/coding (e.g., Python, Go, Bash) to build integrations, automations, and internal tooling.
  • Able to communicate risk and tradeoffs clearly and pragmatically to engineers; improves signal-to-noise rather than adding friction.

Nice to Have (Preferred)

  • Experience with Kubernetes policy-as-code tooling (OPA/Gatekeeper, Kyverno) and secure workload identity patterns (OIDC/IRSA).
  • Experience with software supply chain security: SBOM generation and management, signing/verification (e.g., cosign), and provenance concepts.
  • Experience building ‘golden paths’ or internal developer platforms that improve both delivery velocity and security outcomes.
  • Familiarity with regulated delivery expectations (NIST SP 800-171/CMMC) and evidence-driven control implementation.

How we work:

  • Pragmatic, automation-first approach: secure-by-default, low-friction workflows.
  • Partners closely with Platform/SRE and Security/GRC; clear ownership and measurable outcomes.
  • Focus on durable systems: guardrails, templates, and controls that scale across teams.

Other Qualifications

  • Analytical Aptitude: Possess keen analytical and problem-solving skills, coupled with the capability to understand complex software challenges and collaborate toward viable solutions.
  • Effective Communication: Skilled in distilling technical complexities into comprehensible terms for varied audiences.
  • Adaptive Nature: Resilience and adaptability in the face of an ever-changing tech landscape, with a knack for rapidly integrating new technologies and methodologies.
  • Agile Methodology Experience: An understanding and hands-on experience with agile development methodologies and version control tools.
  • Agility in Tech: Demonstrated adaptability in the fast-paced tech landscape, continually embracing and integrating new technologies and methodologies.
  • Education: While formal education in Computer Science or related fields is a plus, DefconAI values hands-on experience and demonstrable skills above all. Candidates with 6+ years of relevant experience will be considered regardless of their academic pedigree.
  • Continuous Learner: A commitment to perpetually update one's skill set, staying aligned with the latest in technology trends and best practices.

What We Offer:

  • A fully remote, results-based environment
  • Competitive salary, bonus, and equity package
  • 100% employer paid, comprehensive health insurance including medical, dental, and vision for you and your family
  • Unlimited PTO, with your manager’s approval
  • Flexible work environment where you manage your work day
  • 14 weeks of fully-paid parental leave

Salary range: $175,000-$215,000. This represents the typical salary range for this position based on experience, skills, and other factors.
