Devsecops Engineer

Devsecops Engineer

What You'll Do :

• Build and own our

  threat detection and incident response

  capabilities from the ground up.
• Monitor logs and alerts across AWS, endpoints, and internal tools using our SIEM and detection stack.
• Investigate and respond to security incidents (cloud misconfigurations, suspicious logins, malware, etc.).
• Tune alerts, write detection rules, and automate noisy signal reduction.
• Collaborate closely with DevOps/IT and Engineering to improve system hardening, access controls, and CI/CD security.
• Lead vulnerability management across infrastructure (cloud, containers, laptops).
• Build playbooks for common threat scenarios and ensure were always ready.
• Assist with internal security reviews, SOC2, ISO 27001, HIPAA compliance, and security questionnaires.
• Collaborate with engineering, product, and business teams to embed security into the SDLC.

What You Bring :

• 4 - 5 years of experience in Security Operations,

  Incident Response

  , or

  SOC

  environment.
• Strong understanding of

  network security

  ,

  endpoint security

  , and

  cloud security (AWS, GCP, or Azure)

  .
• Hands-on with tools like

  CrowdStrike / SentinelOne

  ,

  Wazuh / OSQuery

  ,

  AWS GuardDuty / CloudTrail

  , Prisma Cloud or similar.
• Comfortable navigating

  Linux, AWS CLI, IAM policies

  , and

  cloud networking logs

  .
• Strong understanding of attacker behavior (MITRE ATT&CK, basic forensics).
• Good scripting skills (Python, Bash, or similar) for automation.
• Knowledge of vulnerability management tools (e.g., Nessus, Qualys, AWS Inspector).
• Able to balance move fast culture with “secure by default” practices.
• Understanding of security standards and frameworks:

  NIST

  ,

  CIS

  ,

  SOC 2

  ,

  ISO 27001

  .

Bonus Points :

• Security certifications:

  OSCP, GCIA, GCIH, CEH, or AWS Security Specialty

• Experience with startups, small teams, or wearing multiple hats.
• Familiarity with Kubernetes, container security, or DevSecOps pipelines.
• Familiar with frameworks like SOC 2, ISO 27001, or CIS benchmarks.
• Experience building detection rules for open-source SIEMs (Elastic, Wazuh, etc.).
• Previous experience running security in cloud-native stacks (serverless, microservices, etc.).

What You’ll Love Here :

• Huge ownership and ability to influence security decisions.
• Work closely with founders, engineers, and DevOps /IT — not siloed in a SOC.
• Real-world challenges, not “checkbox security.”
• Fast learning loop and room to grow into Lead/Head of Security as we scale.