Description
Senior DevSecOps Engineer - Platform & Security Position Overview
We are seeking an experienced DevSecOps Engineer to maintain and enhance our platform infrastructure. This role focuses on ensuring secure, reliable, and scalable deployments while implementing security best practices throughout the development lifecycle.
Key Responsibilities
Platform Operations (40%)
• Maintain and optimize Kubernetes clusters across development, staging, and production environments • Implement and manage GitOps workflows using for continuous deployment
• Configure and maintain service mesh for microservices communication and observability • Manage Helm charts and chart repositories for application packaging
• Implement horizontal pod autoscaling and resource optimization strategies
• Maintain distributed tracing and observability infrastructure
Security Engineering (35%)
• Implement and maintain security scanning in CI/CD pipelines (SAST, DAST, dependency scanning) • Generate and manage Software Bill of Materials (SBOM) for compliance
• Configure and monitor secrets management and rotation strategies
• Implement network policies and zero-trust security models
• Conduct regular security audits and vulnerability assessments
• Manage container image scanning and registry security
• Implement and maintain admission controllers and policy engines
Infrastructure as Code (15%)
• Develop and maintain Helm charts for application deployments
• Create and manage Kubernetes manifests and custom resources
• Implement infrastructure automation using GitOps principles
• Maintain disaster recovery and backup strategies
Monitoring & Incident Response (10%)
• Configure comprehensive monitoring and alerting systems
• Implement SLI/SLO tracking and error budgets
• Participate in on-call rotation and incident response
• Conduct post-mortems and implement preventive measures
Required Technical Skills
Container & Orchestration
• Expert: Kubernetes (3+ years production experience)
• Expert: Docker containerization and multi-stage builds
• Proficient: Helm chart development and management
• Proficient: Service mesh implementation and management
• Working Knowledge: Distributed systems and microservices patterns
GitOps & CI/CD
• Expert: ArgoCD or similar GitOps tools (Flux, Rancher Fleet)
• Proficient: GitLab CI/CD or similar pipeline tools
1
• Proficient: Multi-architecture builds (AMD64/ARM64)
• Working Knowledge: Blue-green and canary deployment strategies
Security Tools & Practices
• Proficient: Container scanning tools (Trivy, Clair, Snyk)
• Proficient: SBOM generation and management tools
• Proficient: Secret management solutions
• Proficient: Network policy and service mesh security
• Working Knowledge: OWASP Top 10 and container security best practices • Working Knowledge: Compliance frameworks (SOC2, HIPAA, PCI-DSS)
Observability & Monitoring
• Proficient: Distributed tracing systems
• Proficient: Log aggregation and analysis
• Proficient: Metrics collection and visualization
• Working Knowledge: APM and performance optimization
Infrastructure & Storage
• Proficient: Block and object storage solutions
• Proficient: Database operations and backup strategies
• Working Knowledge: Message queuing and event streaming
Required Experience
• 5+ years in DevOps/SRE/Platform Engineering roles
• 3+ years working with Kubernetes in production
• 2+ years implementing DevSecOps practices
• Experience with distributed systems and high-availability architectures • Track record of improving deployment velocity while maintaining security
Preferred Qualifications
• Experience with Elixir/Phoenix or similar frameworks
• Knowledge of GraphQL API deployment and scaling
• Experience with multi-tenant SaaS platforms
• Contributions to open-source projects
• Relevant certifications (CKA, CKS, AWS/GCP/Azure)
Soft Skills
• Strong troubleshooting and problem-solving abilities
• Excellent documentation and communication skills
• Ability to work independently and manage multiple priorities • Collaborative mindset with development teams
• Proactive approach to security and reliability
What You’ll Work With
• Modern cloud-native technology stack
• Microservices architecture with multiple language runtimes
• GitOps-driven deployment workflows
• Comprehensive observability and monitoring stack
• Security-first development practices
2
Career Growth Opportunities
• Lead platform architecture decisions
• Mentor junior engineers
• Drive security initiatives across the organization • Contribute to open-source projects
• Present at conferences and meetups
Devo does not discriminate on the basis of race, color, national origin, religion, gender, age, veteran status, sexual orientation, marital status or disability (in compliance with the Americans with Disabilities Act) with respect to employment opportunities.
Don’t meet every single requirement? At Devo we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.
At Devo, diversity and inclusion means more than treating employees well and making them feel welcome. It is a commitment to hiring people who bring different insights because of their unique perspectives, ways of thinking, and prior experiences.
We intend to continue hiring great people and protecting our culture so everyone can be themselves and speak their minds. That way Devo will always be a place filled with purpose, energy, hard work, thoughtfulness, and respect.
To All Agencies:
Please, no phone calls or emails to any employee of Devo outside of the Talent Acquisition team. Devo's policy is to only accept resumes from agencies via the Devo Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Devo and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid
