About the RoleWe are hiring a Platform DevSecOps Engineer to take total ownership of the Secure Software Development Lifecycle (SSDLC) for our agent harness (the platform on which our AI agents run) and the agents themselves. You will be the single point of accountability for security across how these systems are built, configured, deployed, and operated, and the internal champion who makes secure-by-default the path of least resistance for every team that touches them. This is a hands-on platform security role, not a governance or compliance-desk role: you will live in the pipelines, the infrastructure-as-code, the Kubernetes clusters, and the secrets management, and you will spend as much time influencing people as you do writing configuration.
This role does not cover overall corporate security governance, including IT/fleet and device management, endpoint administration, or corporate compliance-framework attestation (SOC 2, ISO 27001, and similar). Those sit with our corporate security and IT functions, and you will collaborate with them where platform security intersects without being accountable for them.
Responsibilities- Own end-to-end SSDLC for the agent harness and the agents: threat modeling, secure design review, pre-merge scanning, supply-chain integrity, runtime hardening, and vulnerability remediation from discovery through verified rollout
- Define security best practices for base-platform and agent configuration, encoding them into the GitOps and CI/CD paths so they're enforced automatically rather than by memo, and hold the line on them in review
- Drive supply-chain security, including SBOM/VEX generation, dependency provenance, artifact signing/promotion controls, and keeping build and dependency resolution flowing through trusted internal registries rather than the open internet
- Drive CVE remediation campaigns across multiple clusters and cloud accounts to measurable targets (e.g., zero critical findings), coordinating rollouts without regressing running workloads
- Enforce secrets and identity hygiene, including encrypted-at-rest secrets in GitOps, workload identity federation, and least-privilege access across cloud and cluster
- Partner with platform engineers, application/agent developers, SRE, and non-technical stakeholders (product, leadership, customer-facing teams) to move security objectives forward and translate risk into terms each audience acts on
Minimum Qualifications- Deep, practical DevSecOps experience securing real pipelines and real clusters, not just writing policy about them
- Fluency with GitOps as the mechanism for change, and the instinct to enforce security in the pipeline rather than around it
- Strong multi-cloud Kubernetes security background (AWS and/or Azure)
- A track record of driving vulnerability remediation to completion across a fleet without breaking production
- Excellent communication skills, able to make a security case land with a staff engineer and with a non-technical executive in the same conversation
- An ownership mindset, treating total ownership of the SSDLC as a mandate rather than a slogan
Preferred Qualifications- Direct experience with our stack: Kubernetes on AWS EKS and Azure AKS, Terraform/Terragrunt, Helm/Helmfile, and ArgoCD for GitOps-driven continuous delivery
- Experience with GitHub Actions and OIDC-based cloud authentication, SAST tooling (e.g., CodeQL), and SBOM/VEX generation and consumption
- Experience with artifact registries and promotion/signing controls (e.g., JFrog Artifactory, container and OCI registries)
- Experience with SOPS-encrypted secrets, workload identity (AWS IRSA, Azure Workload Identity), and cloud IAM/RBAC and KMS/Key Vault
- Relevant certifications such as CKS, CKA/CKAD, AWS Certified Security - Specialty, AZ-500, Terraform Associate, GIAC GCSA/GCLD, CISSP, or Security+ (none strictly required, but signal relevant depth)
Why Join Us?- A high-performance culture
- State-of-the-art technology
- Experience world-class leadership
- Scale of impact and purpose
- A competitive salary and a huge growth trajectory
- Work with the best in the industry
- Flexible work environment
- Diversity and creativity