DevSecOps Engineer
Houston, TX

Role: DevSecOps Engineer

Work Location: Houston, TX (4 days in office with 1 hybrid day)

Number of Positions: 1

Position Type: Full-time

Company Description: Automotive

 

US CITIZENS AND GREEN CARD HOLDERS ARE ENCOURAGED TO APPLY. WE ARE UNABLE TO PROVIDE SPONSORSHIP AT THIS TIME.

 

JOB SUMMARY

We’re seeking a DevSecOps Engineer to own the secure delivery pipeline and platform foundations across cloud environments. You’ll design and automate IAM, infrastructure as code (Terraform), CI/CD (GitHub Actions), and Kubernetes operations, embedding security controls by default and enabling development teams to ship quickly and safely.


RESPONSIBILITIES

  • Design and implement least-privilege IAM (users, roles, policies, SSO/OIDC) across cloud and Kubernetes (RBAC, service accounts, Pod Security Standards).
  • Build/maintain Terraform modules and environments (prod/non-prod), enforce drift detection, and apply policy-as-code (OPA/Conftest, Sentinel, Checkov/tfsec).
  • Own GitHub Actions pipelines (build/test/scan/sign/release), reusable workflows, environment protections, required reviews, and deployment gates.
  • Operate Kubernetes clusters (EKS/AKS/GKE or on-prem): cluster lifecycle, Helm/Kustomize, GitOps (Argo CD/Flux), NetworkPolicies, ingress, secrets.
  • Embed software supply chain security: SCA/SAST/DAST, container/IaC scanning, SBOM generation, image signing (Cosign), provenance (SLSA).
  • Implement secret management (Vault/Secrets Manager/KMS), key rotation, and secure parameter stores.
  • Stand up observability: metrics, logs, traces (Prometheus/Grafana/ELK/Cloud-native), and actionable alerts.
  • Automate incident response runbooks; support on-call for platform/security events.
  • Partner with AppSec and product teams on threat modeling, secure design reviews, and remediation.
  • Contribute to compliance initiatives (SOC 2/ISO 27001) with evidence automation and configuration baselines.
  • Drive cost, reliability, and capacity guardrails; champion platform DX and documentation.


QUALIFICATIONS

  • 8+ years in DevOps/Platform/SRE with a security-first mindset.
  • Strong IAM design (cloud + Kubernetes RBAC), OIDC/OAuth2, SSO/IdP (e.g., Okta/Azure Entra).
  • Production Terraform experience (workspaces, modules, remote state, CI-driven plans/applies).
  • Hands-on GitHub Actions (self-hosted runners, OIDC to cloud, environments/protections, matrix builds).
  • Operating Kubernetes in production (Helm, networking, ingress, autoscaling, upgrades, backups/DR).
  • Practical use of security scanners (e.g., Wiz, Trivy/Grype, Dependabot, Checkov/tfsec), and policy-as-code.
  • Proficient with one or more clouds (AWS), Linux, containers, and networking fundamentals.
  • Strong scripting in Python or Bash; infrastructure troubleshooting and debugging skills.
  • Clear communication, ownership, and ability to drive cross-team initiatives.

 

Nice to Have

  • HashiCorp Vault, keeper/Kyverno, service mesh (Istio/Linkerd), or CNI like Cilium.
  • GitOps at scale (Argo CD multi-app/multi-cluster), progressive delivery (Argo Rollouts/Flagger).
  • Experience with SIEM, detections, or security data pipelines.
  • Knowledge of data protection (PII), tokenization, and regional compliance.
  • Background in financial/insurance/auto domains (regulated environments).


STANDARD BENEFITS

  • Medical, Dental & Vision: eligible after 30 days of employment.
  • 401K company match is 4% 1:1; starts day one and you vest after 2 years.
  • 27 days of PTO in a full year. 10 paid holidays.
  • Eligible to participate in vehicle program and performance bonuses.


