Staff DevSecOps Engineer

At FourKites we have the opportunity to tackle complex challenges with real-world impacts. Whether its medical supplies from Cardinal Health or groceries for Walmart, the FourKites platform helps customers operate global supply chains that are efficient, agile and sustainable.

.

We are seeking an experienced DevSecOps Engineer with a strong background in cloud security, infrastructure management, and secure software development. The ideal candidate will have extensive hands-on expertise across major cloud platforms, containerization technologies, and security frameworks. You will be responsible for architecting, implementing, and maintaining secure cloud environments while ensuring that security is seamlessly integrated throughout the development lifecycle.

What youll be doing:

Cloud Infrastructure & Security

• Architect and secure highly available, scalable, and fault-tolerant systems across AWS and Azure environments.
• Design and implement Layer 3/Layer 4 firewalls, network segmentation, and secure routing policies.
• Deploy and manage Intrusion Detection (IDS), Intrusion Prevention (IPS), and Endpoint Detection and Response (EDR) solutions for servers, containers, and cloud workloads.
• Implement container and Kubernetes security for EKS (Amazon Elastic Kubernetes Service) and AKS (Azure Kubernetes Service) — ensuring zero-vulnerability base images, runtime protection, and least-privilege configurations.
• Manage cloud-native security services such as WAF, Shield , CSPM (Cloud Security Posture Management), and CNAPP (Cloud-Native Application Protection Platform).
• Ensure 99.99% uptime while maintaining a strong defense-in-depth security posture.

DevOps & Automation

• Develop and maintain Infrastructure-as-Code (IaC) using Terraform, CloudFormation, and Azure Resource Manager (ARM) templates.
• Build secure CI/CD pipelines integrating SAST, DAST, IaC scanning, container scanning, and EDR integrations for runtime visibility.
• Automate deployments and security validation using Ansible, Chef, Puppet, Jenkins, or GitHub Actions.
• Enforce image signing, vulnerability scanning, and policy enforcement to ensure zero-vulnerability images are promoted to production.
• Integrate open-source and commercial security tools (e.g., Trivy, Aqua, Wiz, Prisma Cloud, Checkov, SonarQube) for continuous assurance.

Security Engineering & Governance

• Implement and maintain CSPM and CNAPP solutions to detect misconfigurations and enforce compliance baselines across AWS and Azure.
• Develop and automate security controls, configuration baselines, and hardening standards using policy-as-code.
• Perform threat modeling, risk analysis, and vulnerability remediation for cloud and containerized workloads.
• Document security architectures, DevSecOps workflows, and compliance evidence.
• Provide security training and awareness sessions for DevOps and development teams.

API & Application Security

• Implement API security best practices, including OAuth2, JWT, rate limiting, and gateway-level authentication.
• Integrate SAST/DAST and dependency scanning tools within CI/CD pipelines.
• Troubleshoot and manage SSL/TLS, certificates, and key rotation processes.
• Enforce secure coding, linting, and code review standards across projects.

Monitoring & Incident Response

• Lead incident detection, containment, and response activities for cloud and containerized workloads.
• Configure and maintain EDR and SIEM/SOAR tools for unified visibility and automated threat response.
• Implement automated response playbooks using AWS Lambda or Azure Functions for real-time mitigation.
• Conduct root cause analysis (RCA) and develop post-incident improvement plans.

Who You Are

• 8+ years of experience in DevSecOps, Cloud Security, or Security Engineering.
• Strong hands-on experience with AWS and Azure, including EKS and AKS security hardening.
• Expertise in EDR implementation and maintenance across cloud and containerized environments.
• Deep understanding of Kubernetes, container security, and zero-vulnerability image pipelines.
• Skilled in integrating SAST, DAST, and IaC security tools into automated CI/CD pipelines.
• Strong experience with CSPM and CNAPP platforms for compliance and risk management.
• Proficiency in Terraform, CloudFormation, ARM, and scripting languages (Python, Bash, PowerShell).
• Solid understanding of network, cloud, and endpoint security principles.
• Strong communicator with the ability to bridge DevOps, Security, and Product teams.
• Proactive learner, passionate about automation and cloud-native security innovation.

Preferred Qualifications

• Certifications: AWS Certified Security – Specialty, Azure Security Engineer Associate, CKS, CISSP, or CEH.
• Hands-on experience with CSPM/CNAPP/EDR platforms (e.g., Lacework, Defender for Cloud, CrowdStrike, ).
• Familiarity with SOC 2, ISO 27001, or NIST frameworks.
• Experience implementing Zero-Trust Architecture.
• Experience mentoring DevOps/Security Engineers and improving team maturity.

Who we are:

Working at FourKites

5 global recharge days, in addition to standard holidays, and a hybrid, flexible approach to work.
Parental leave for all parents, an annual wellness stipend and volunteer days also provide you with time and resources for self care and to care for others.Opportunities throughout the year to learn and celebrate diversity.Access to leading AI tools and foundation models, with the freedom to experiment and find creative ways to be more effective in your roleAnd we're always listening for new ways to support everyone in and out of the office.