DevSecOps Engineer

Eligibility / Qualification Required:

TLDR

• Secure SDLC Integration: Embed security into CI/CD pipelines by implementing and owning secure controls, including Infrastructure as Code (IaC) scanning, Software Composition Analysis (SCA), secrets checks, policy-as-code, and deployment guardrails.
• Vulnerability Management: Lead the process of vulnerability and patch management, automating discovery, prioritization, and remediation across all cloud workloads and their dependencies.
• Platform Hardening: Strengthen cloud and Kubernetes environments through secure configurations, network segmentation, workload identity management, and automated compliance against industry standards (e.g., CSA Star).
• Supply Chain Security: Advance the security of the software supply chain, focusing on generating Software Bill of Materials (SBOMs), artifact signing, dependency governance, and implementing integrity controls.
• Secure Patterns: Create secure "paved roads" for developers, providing hardened IaC modules, templates, tooling, and comprehensive documentation.

• Cyber Resilience: Own and validate cyber-resiliency standards (secure failover, secure backups, Disaster Recovery playbooks) through secure rehearsals to ensure both the availability and integrity of systems and data
• Security Deployment: Develop secure deployment patterns, such as canary rollouts, automated safe rollbacks, and guardrails to minimize blast radius
• Detection & Forensics: Improve detection and response capabilities by building high-signal alerts, enhancing forensic logging, and providing robust security telemetry. Partner with the SecOps team on incident handling
• Offensive Security: Alongside the Security team, help manage offensive security engagements (penetration testing, red team, bug bounty) and ensure findings are fed directly into remediation pipelines and risk prioritization

• Design & Threat Modeling: Conduct security reviews and threat modeling for all new services and major architecture changes to ensure designs are secure-by-default
• Identity & Access Management (IAM): Strengthen the identity and access model by enforcing the principle of least privilege, strong authentication, and secure secrets lifecycle management
• Compliance & Audit: Support compliance and audit readiness by operationalizing security controls, producing necessary evidence, and maintaining the health of these controls

• Security Champion: Champion a strong security culture by partnering with DevOps and Engineering teams to uplift secure coding practices and guide risk-based decision-making
• Metrics & Reporting: Define key security performance indicators (KPIs) such as time to detect, time to remediate, exposure scores, and percentage of infrastructure covered by automated controls, and report measurable improvements to leadership

• Excited about Alpaca’s mission and what we’re building
• 5+ years of experience across DevSecOps, security engineering, or cloud security in a modern cloud-native environment
• Strong hands-on experience with CSPs, Kubernetes, Terraform, and container security
• Deep understanding of secure CI/CD, including IaC security, dependency/SCA, secrets scanning, and policy-as-code
• Solid background in identity & access security
• Experience automating vulnerability management and patching workflows across cloud and container ecosystems
• Strong familiarity with detection engineering, logging/telemetry, and partnering in incident response
• Proficient in a scripting/programming language (Python, Go, or similar) for automation and security tooling
• Comfortable working cross-functionally with DevOps and Engineering teams, explaining risk in practical terms, and influencing secure design
• Comfortable participating in on-call rotations

• Experience securing financial, trading, or other highly regulated platforms
• Knowledge of regulatory frameworks common in fintech (SOC 2, ISO 27001, PCI)
• Experience with supply-chain security (SBOMs, Sigstore, artifact signing) or software integrity programs
• Familiarity with offensive security, bug bounty triage, or penetration testing
• Security or cloud certifications (CISSP, OSCP, GIAC, GCP/AWS Security)
• Bachelor's degree in Computer Science, Information Security, or equivalent experience.
• Business acumen to be able to balance tradeoffs between stakeholders, technology feasibility and budget constraints

How We Take Care of You:

• Competitive Salary & Stock Options
• Health Benefits
• New Hire Home-Office Setup: One-time USD $500
• Monthly Stipend: USD $150 per month via a Brex Card

Benefits

How to Apply: