What you'll doLead the design and operation of a single, auditable security automation pipeline where security controls are authored, reviewed, validated, and deployed
Build drift reconciliation and validation engines that detect and remediate divergence across endpoint, identity, cloud, and vulnerability management domains
- Replace manual console operations with version-controlled, auditable automation built on infrastructure-as-code and configuration management platforms
- Implement and scale infrastructure-as-code deployment patterns and reusable automation components that accelerate delivery of security controls across teams
- Build and maintain continuous integration and continuous deployment pipelines with automated linting, policy-as-code checks, pre-deployment validation gates, and promotion workflows
- Design observability and monitoring pipelines that surface drift, control failures, and deployment health across environments and enable rapid incident detection and response
- Instrument container and Kubernetes security workflows, including image scanning, admission control, runtime policy enforcement, and namespace isolation, to harden cloud-native workloads
- Run the team's sprint cycle with a single backlog, two-week cadence, clear Definition of Done, controlled intake of unplanned work, and disciplined capacity planning
- Integrate automation with existing security and infrastructure tooling while driving the transition from contractor-delivered manual work to engineering-owned automation
- Define, track, and report operational metrics such as toil reduction, bypass rate, change failure rate, drift detection and remediation time, and sprint predictability, using those metrics to drive continuous improvement and postmortems
What's required- Demonstrated experience building and operating security automation pipelines in production environments, including continuous integration and continuous deployment systems, infrastructure-as-code, configuration management, and scripting in PowerShell, Python, or Bash
- Hands-on experience using Terraform, CloudFormation, or Pulumi for infrastructure provisioning and policy enforcement at scale
- Proven experience building and operating CI/CD pipelines in GitHub Actions, GitLab CI, Jenkins, or equivalent, including branching strategies, automated testing, and promotion workflows
- Working knowledge of container orchestration platforms, including Kubernetes cluster operations, Helm chart management, image lifecycle, and admission controller integration
- Experience designing and operating observability stacks using tools such as Prometheus, Grafana, Datadog, or Splunk for infrastructure and security telemetry, alerting, and dashboarding
- Familiarity with policy-as-code frameworks such as Open Policy Agent-including Rego-Sentinel, or Cedar for automated compliance and guardrail enforcement
- Direct people management experience with responsibility for hiring, coaching, development, and accountability to delivery commitments
- Demonstrated experience operating in sprint discipline with ownership of backlog prioritization, capacity planning, and Definition of Done enforcement
- Working knowledge of enterprise security tooling across endpoint detection and response, mobile device management, identity providers, security information and event management, and vulnerability management platforms.
- Commitment to the highest ethical standards
We take care of our peopleWe invest in our people, their careers, their health, and their well-being. When you work here, we provide:
- Fully-paid health care benefits
- Generous parental and family leave policies
- Volunteer opportunities
- Support for employee-led affinity groups representing women, people of color and the LGBT+ community
- Mental and physical wellness programs
- Tuition assistance
- A 401(k) savings program with an employer match and more
The annual base salary range for this role is $250,000-$350,000 (USD), which does not include discretionary bonus compensation or our comprehensive benefits package. Actual compensation offered to the successful candidate may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level, among other things.
