Job Title: DevSecOps Engineer
Location: Remote
Salary Range: $30,000 - $70,000/year (depending on location) + equity
About Us: We are a fast-growing startup with a mission to provide a simple, minimalist SaaS solution for freelancers, solopreneurs, and small businesses to optimize their sales and marketing processes. Our product is built on a modern stack, and we aim to maintain the highest levels of security, compliance, and operational excellence as we scale. We’re looking for a DevSecOps Engineer who will manage our production infrastructure and development environments and lead our security/compliance efforts in a growing, agile environment.
The Role: As our DevSecOps Engineer, you’ll be responsible for maintaining a secure, scalable, and reliable infrastructure across our cloud-based platform. This role involves building and optimizing our CI/CD pipelines, securing our cloud infrastructure, and ensuring compliance with industry standards. You’ll work closely with developers, product managers, and leadership to ensure that security is a core part of our development and operational processes.
Responsibilities:
Infrastructure Management:
Design, implement, and manage highly scalable cloud infrastructure (AWS preferred) to support our SaaS platform.
Manage the production environment, ensuring high availability, security, and scalability of our services.
Implement infrastructure as code (IaC) practices using tools like Terraform, CloudFormation, or similar.
Continuously monitor system performance, troubleshoot issues, and implement improvements for scalability and efficiency.
DevOps:
Build, maintain, and optimize CI/CD pipelines for automated testing, integration, and deployment of applications.
Collaborate with development teams to ensure smooth integration of code and deployment processes.
Automate repetitive tasks and streamline operations to improve developer productivity and system reliability.
Security and Compliance:
Establish and enforce security best practices, including patch management, monitoring, and incident response protocols.
Implement and maintain security controls, including firewalls, encryption, and network security monitoring.
Conduct regular security audits, vulnerability assessments, and penetration tests to identify and mitigate risks.
Ensure compliance with relevant security standards (e.g., GDPR, ISO 27001) and support audits when required.
Educate the team on security practices and ensure secure coding standards are followed across the development process.
Required Qualifications:
4+ years of experience in a DevOps or DevSecOps role, with hands-on experience managing cloud infrastructure (preferably AWS).
Strong knowledge of cloud security principles and best practices, including IAM, security groups, VPCs, and encryption techniques.
Experience with infrastructure as code (IaC) tools such as Terraform, CloudFormation, or Ansible.
Proficiency with CI/CD tools such as Jenkins, GitLab CI, or CircleCI, and experience building automated pipelines.
In-depth knowledge of containerization technologies like Docker and orchestration tools such as Kubernetes.
Strong scripting skills (e.g., Bash, Python) for automation and infrastructure management.
Familiarity with logging and monitoring tools (e.g., ELK Stack, Prometheus, Grafana) for performance and security monitoring.
Experience with security frameworks (e.g., OWASP, NIST) and tools for vulnerability scanning and remediation.
Strong understanding of compliance regulations (e.g., GDPR, SOC 2) and the ability to implement controls to maintain compliance.
Nice-to-Haves:
Experience with serverless architectures and microservices deployment strategies.
Knowledge of database security best practices, especially for PostgreSQL and other relational databases.
Familiarity with Zero Trust security models and modern identity management solutions.
Previous experience working in a startup or small team environment.
Soft Skills:
Strong collaboration skills: able to work closely with development, product, and business teams.
Excellent problem-solving skills, with the ability to troubleshoot and resolve complex infrastructure and security issues.
A proactive mindset: always thinking ahead to anticipate potential issues and address them before they become problems.
Strong communication skills, with the ability to explain complex security and infrastructure concepts to non-technical team members.
Detail-oriented, with a strong sense of ownership and accountability for maintaining a secure and reliable system.
Why Join Us?
Join a fast-paced startup where you’ll have the autonomy to take ownership of the infrastructure and security strategy.
Be part of a culture that prioritizes security and operational excellence, ensuring you have the resources and support to do your best work.
Work in a remote-friendly environment with a small, collaborative team focused on continuous improvement.
Opportunity to influence the technical direction and shape the security/compliance posture of the company as it grows.