Director of DevOps/SecOps

ServiceCore, Inc.

$190K — $225K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years in DevOps, SecOps, or DevSecOps roles
  • 3+ years in a managerial or leadership capacity
  • Deep hands-on experience securing AWS environments
  • Meaningful GCP/Firebase security experience
  • Experience with SOC 2 Type II audits
  • Strong background in CI/CD pipeline security
  • Ability to communicate risks clearly to non-technical stakeholders

Responsibilities

  • Lead the governance of AI tool security and evaluation frameworks
  • Own threat modeling and incident response initiatives
  • Establish security policies across the software development lifecycle
  • Manage external compliance and audit relationships
  • Drive PCI-DSS considerations and vendor security reviews
  • Secure CI/CD pipelines and drive incident response readiness
  • Hire and develop a skilled DevSecOps team

Benefits

  • Open Time Off policy with 14 Company Holidays
  • Comprehensive healthcare, dental, and vision insurance
  • 401(k) with matching contributions
  • Regular team lunches and fully stocked kitchen for Denver employees
  • Bi-weekly lunch stipend for remote employees
  • Choice of company hardware/configuration
  • Strong company culture rooted in core values

Full Job Description

DIRECTOR OF DEVOPS/SECOPS

ABOUT THE ROLE

We're looking for a Director of Dev/SecOps to own the security posture and operational foundation across ServiceCore's entire cloud environment. This is a security-first leadership role - you'll be the person who makes sure we build and ship software the right way: securely, reliably, and at speed.

You'll be operating across two distinct cloud platforms: ServiceCore runs on AWS, while Docket runs on GCP with Firebase at its core. That means you're not just securing one stack - you're building a unified security program across two cloud providers, two codebases, and 20+ third-party integrations.

We're also an AI-first development organization, and that creates a genuinely new set of responsibilities for this role. We're already using a wide range of AI tools across engineering; you'll be the person who governs that toolchain: helping us evaluate what to adopt, setting the policies that protect our customers' data, and making sure our AI usage doesn't become a security liability as we scale.

This role reports to senior leadership and owns the security roadmap end-to-end. It's a builder role - you'll inherit a solid foundation and have the mandate to make it great.

WHAT YOU'LL DO

AI Tool Governance & Security
  • Partner with the AI Council and Engineering Directors to build our AI tool evaluation framework - define the security, privacy, and compliance criteria we use to assess every new AI tool before adoption
  • Govern our multi-LLM provider relationships - review data processing agreements, audit data retention policies, and ensure contractual protections for customer data
  • Establish and enforce policies around what data can flow through AI services: PII boundaries, source code confidentiality rules, and customer data handling requirements for coding assistants, LLM APIs, and agentic tools
  • Secure MCP-connected agents that have access to internal systems - define least-privilege access models, audit trails, and data egress controls
  • Define secure patterns for integrating LLM capabilities into our products - prompt injection defenses, output validation, model access controls, and logging/observability for AI-driven features
  • Build and maintain an AI tool inventory with risk classifications; lead periodic reviews as the landscape evolves
  • Partner with engineering and product to help us get the productivity benefits of AI without creating new risk exposure


Security Leadership
  • Own and continuously improve our security posture across AWS and GCP/Firebase
  • Lead threat modeling, vulnerability management, and security incident response programs
  • Establish and enforce security policies, standards, and controls across the full SDLC
  • Champion a security-first engineering culture - make secure the path of least resistance for developers
  • Manage relationships with external auditors, penetration testers, and compliance bodies


Compliance & Risk
  • Drive and maintain SOC 2 Type II compliance; own evidence collection and audit processes across both platforms
  • Manage PCI-DSS considerations across payment processor integrations
  • Build and maintain a risk register; proactively surface and prioritize risks to leadership
  • Own third-party vendor security reviews across our 20+ integration partners - including AI vendors
  • Monitor regulatory developments relevant to SaaS, AI, and the industries we serve


DevOps & Platform Engineering
  • Secure CI/CD pipelines across both cloud environments - secrets management, dependency scanning, SAST/DAST
  • Lead infrastructure-as-code strategy and ensure security guardrails are built in by default
  • Own cloud security architecture
  • Secure Cloudflare CDN/WAF configuration, DDoS posture, and DNS hygiene
  • Drive incident response readiness: runbooks, on-call processes, post-mortems, and SLA accountability


Team & Cross-Functional Leadership
  • Hire, develop, and lead a DevSecOps team; build the function on a strong foundation
  • Collaborate with engineering leads on architectural decisions that carry security implications
  • Report to senior leadership on security metrics, risk posture, compliance status, and AI tool governance
  • Serve as the internal expert and educator on security and AI risk topics across the organization


WHAT YOU'LL BRING
  • 10+ years of experience in DevOps, SecOps, or a combined DevSecOps role
  • 3+ years in a leadership or management capacity with direct reports
  • Deep hands-on experience with AWS security: IAM, VPC, ECS, Lambda, SQS, RDS, DynamoDB, Secrets Manager, CloudWatch, CloudFormation
  • Meaningful experience with GCP and/or Firebase: Firestore security rules, Cloud Functions security, GCP IAM, service account management
  • Experience owning or significantly contributing to SOC 2 Type II audits
  • Strong background in securing CI/CD pipelines and containerized workloads (Docker, ECS or EKS)
  • Demonstrated experience governing third-party integrations and API security at scale
  • Working knowledge of SAST, DAST, SCA, dependency scanning, and secrets management tooling
  • A real point of view on AI tool security - you understand the risks of coding assistants, LLM APIs, MCP-connected agents, and AI embedded in developer workflows, and you know how to manage them without killing productivity
  • Ability to communicate risk and security concepts clearly to non-technical audiences and executives
  • Background in SaaS with understanding of multi-tenant security architecture


NICE TO HAVE
  • Relevant certifications: CISSP, AWS Security Specialty, Google Professional Cloud Security Engineer, CCSP, or equivalent
  • Experience with PCI-DSS compliance in a SaaS context
  • Familiarity with Cloudflare security features: WAF, Zero Trust, Workers, DDoS protection
  • Experience securing PHP legacy applications alongside modern microservices
  • Hands-on experience with vector database security (e.g., Qdrant) or AI/ML pipeline security
  • Experience defining data governance policies for AI tools in a software engineering organization
  • Background building DevSecOps functions from scratch at a growth-stage company


You'll have real ownership, a seat at the table, and the mandate to build a security program you're proud of. We move fast but not recklessly. We take AI seriously as a productivity multiplier - and we take the responsibility that comes with it equally seriously. This is the right role for someone who wants to do both.

  • Base Salary: $190,000-$225,000 (Dependent on Experience)
  • 14 Company Holidays in addition to an Open Time Off policy
  • Healthcare, dental and vision insurance with generous employer contributions
  • 401(k) w/ match
  • Regular lunches and a fully-stocked kitchen (if in Denver)
  • Bi-weekly Grubhub lunch stipend for remote folks
  • Company-provided hardware of your choice/configuration
  • A Strong Company Culture that Lives by Our Core Values - Love our Customers, Be Real, Give a Shit, Deliver Results, and Keep it Fun.


HOW TO APPLY

Apply through our careers page or reach out to our recruiting team. Our interview process is designed to be respectful of your time and give you a real look at who we are and how we work.

careers.servicecore.com
