{"schemaVersion":"jobsearcher.job.v1","id":"2b625dbadd40d49d68cf8353","url":"https://jobsearcher.com/jobs/2b625dbadd40d49d68cf8353","canonicalUrl":"https://jobsearcher.com/jobs/2b625dbadd40d49d68cf8353","title":"Sr. DevSecOps Engineer (US)","description":"About Craft:\nCraft is the leader in supplier risk intelligence, enabling enterprises to discover, evaluate, and continuously monitor their suppliers at scale. Our AI research and monitoring agents deliver real, actionable intelligence, by operating on top of our unique, proprietary data platform - this helps our customers make better, more informed decisions for their business, faster and strategically secure critical supply chains from risk. Our customers include Fortune 500 companies, government agencies, and global service platforms. We’ve developed distribution partnerships with some of the largest integrators and software platforms globally.\n\nWe are a post-Series B high-growth technology company backed by top-tier investors in Silicon Valley and Europe, headquartered in San Francisco with hubs in Seattle and Warsaw. We support remote and hybrid work, with team members across North America and Europe.\n\nWe are looking for innovative and driven people passionate about building the future of Enterprise Intelligence to join our growing team!\n\nAbout the Role:\nCraft is growing — and we’re looking for a senior engineer to lead one of our most strategically important initiatives: establishing a FedRAMP-authorized cloud environment by defining a secure boundary and hardening our existing cloud platform. This is an initiative with direct impact on Craft’s ability to serve the 40+ federal government agencies we already work with, and to unlock new opportunities across the public sector.\n\nYou’ll own and lead the implementation of security controls, compliance automation, and secure architecture patterns required to achieve and maintain FedRAMP authorization at both Moderate and High impact levels, with alignment to DoW IL2 and IL5 requirements. Working cross-functionally with infrastructure, engineering, and security, you’ll translate NIST 800-53 Rev. 5 requirements into scalable, auditable technical controls across our platform.\n\nThis role reports to and partners closely with Jose M., our Manager of DevSecOps. You’ll lead the FedRAMP readiness effort day-to-day — driving the ATO timeline, shaping the program’s architecture, and upleveling team expertise in FedRAMP and NIST controls. If you want to own something consequential at a company that already has a sponsor and active federal relationships, this is it.\n\nWhat You’ll Do:\n\nLead Craft’s FedRAMP readiness program — defining the roadmap, owning the ATO timeline, and driving execution across engineering and security stakeholders.\n\nDesign and implement AWS GovCloud architecture that meets FedRAMP Moderate and High requirements.\n\nTranslate NIST 800-53 Rev. 5 controls into concrete, auditable, and continuously enforced technical implementations — not just documentation.\n\nBuild and maintain compliance automation tooling to continuously validate control adherence across the environment, reducing manual audit burden.\n\nDevelop and manage secure CI/CD pipelines with integrated security gates, secrets management, and deployment controls appropriate for FedRAMP environments.\n\nAuthor and maintain System Security Plans (SSPs), control implementation statements, and audit evidence packages; work directly with auditors and 3PAOs through assessment cycles.\n\nPerform threat modeling, risk assessments, and security architecture reviews across the platform.\n\nDefine and drive how FedRAMP controls are embedded across the engineering lifecycle, partnering with full-stack, data, and machine learning teams to ensure consistent, scalable adoption.\n\nServe as the internal subject matter expert on FedRAMP, NIST 800-53, and federal compliance — upleveling the broader team’s knowledge as the program matures.\n\nWho You Are:\nRequired\n\nYou have direct, hands-on FedRAMP ATO experience — you’ve been through the process, not just observed it.\n\nYou have strong working knowledge of NIST 800-53 Rev. 5 controls and how to implement them technically, not just document them.\n\nYou have deep hands-on experience securing AWS environments.\n\nYou have direct experience with AWS GovCloud, including its constraints and operational differences from commercial AWS.\n\nYou write advanced Terraform — modules, policy enforcement, and infrastructure that’s auditable by design.\n\nYou’ve built or hardened CI/CD pipelines for secure, compliant deployments — integrating security scanning, secrets management, and access controls.\n\nYou’ve worked directly with auditors and 3PAOs: preparing evidence packages, responding to findings, and supporting assessment activities.\n\nNice to Haves\n\nSOC 2 Type II experience, particularly in environments where mapped or extended to support FedRAMP or NIST frameworks.\n\nExperience securing data platforms such as Databricks, including data isolation and access control patterns.\n\nFamiliarity with AI and LLM security concepts: prompt injection risks, model data isolation, inference boundary controls.\n\nExperience working in a startup or lean DevSecOps environment where you’ve had to build programs pragmatically with limited resources.\n\nWhat We Offer:\n\nCompetitive salary starting at $170,000 USD/ year. This starting number can be increased based on levels of expertise, location, cost of living, taxes, market experience, etc.\n\nEquity at a well-funded, fast-growing startup\n\nUnlimited vacation time so you can take what you need, when you need it\n\n99% covered Health + Dental + Vision insurance for employees and dependents\n\n401K through Empower with options to invest how you want it\n\nA Note to Candidates:\nWe are an equal opportunity employer who values and encourages diversity, equity and belonging at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, caste, or disability status.\n\nDon’t meet every requirement? Studies have shown that women, communities of color and historically underrepresented talent are less likely to apply to jobs unless they meet every single qualification. At Craft, we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we strongly encourage you to apply. You may be just the right candidate for this or other roles!\n\n#J-18808-Ljbffr","company":"Craft Machine","rawCompany":"craft machine","city":"Millbrae","state":"CA","isRemote":false,"isActive":true,"createdAt":"2026-06-20T03:55:36.117Z","occupations":[{"code":"15-1299.08","title":"Computer Systems Engineers/Architects","slug":"computer-systems-engineers-architects"},{"code":"15-1252.00","title":"Software Developers","slug":"software-developers"},{"code":"15-1299.05","title":"Information Security Engineers","slug":"information-security-engineers"}],"industries":[{"code":"541512","title":"Computer Systems Design Services","slug":"computer-systems-design-services"},{"code":"541511","title":"Custom Computer Programming Services","slug":"custom-computer-programming-services"},{"code":"513210","title":"Software Publishers","slug":"software-publishers"}],"jobPosting":{"@context":"https://schema.org","@type":"JobPosting","title":"Sr. DevSecOps Engineer (US)","description":"About Craft:\nCraft is the leader in supplier risk intelligence, enabling enterprises to discover, evaluate, and continuously monitor their suppliers at scale. Our AI research and monitoring agents deliver real, actionable intelligence, by operating on top of our unique, proprietary data platform - this helps our customers make better, more informed decisions for their business, faster and strategically secure critical supply chains from risk. Our customers include Fortune 500 companies, government agencies, and global service platforms. We’ve developed distribution partnerships with some of the largest integrators and software platforms globally.\n\nWe are a post-Series B high-growth technology company backed by top-tier investors in Silicon Valley and Europe, headquartered in San Francisco with hubs in Seattle and Warsaw. We support remote and hybrid work, with team members across North America and Europe.\n\nWe are looking for innovative and driven people passionate about building the future of Enterprise Intelligence to join our growing team!\n\nAbout the Role:\nCraft is growing — and we’re looking for a senior engineer to lead one of our most strategically important initiatives: establishing a FedRAMP-authorized cloud environment by defining a secure boundary and hardening our existing cloud platform. This is an initiative with direct impact on Craft’s ability to serve the 40+ federal government agencies we already work with, and to unlock new opportunities across the public sector.\n\nYou’ll own and lead the implementation of security controls, compliance automation, and secure architecture patterns required to achieve and maintain FedRAMP authorization at both Moderate and High impact levels, with alignment to DoW IL2 and IL5 requirements. Working cross-functionally with infrastructure, engineering, and security, you’ll translate NIST 800-53 Rev. 5 requirements into scalable, auditable technical controls across our platform.\n\nThis role reports to and partners closely with Jose M., our Manager of DevSecOps. You’ll lead the FedRAMP readiness effort day-to-day — driving the ATO timeline, shaping the program’s architecture, and upleveling team expertise in FedRAMP and NIST controls. If you want to own something consequential at a company that already has a sponsor and active federal relationships, this is it.\n\nWhat You’ll Do:\n\nLead Craft’s FedRAMP readiness program — defining the roadmap, owning the ATO timeline, and driving execution across engineering and security stakeholders.\n\nDesign and implement AWS GovCloud architecture that meets FedRAMP Moderate and High requirements.\n\nTranslate NIST 800-53 Rev. 5 controls into concrete, auditable, and continuously enforced technical implementations — not just documentation.\n\nBuild and maintain compliance automation tooling to continuously validate control adherence across the environment, reducing manual audit burden.\n\nDevelop and manage secure CI/CD pipelines with integrated security gates, secrets management, and deployment controls appropriate for FedRAMP environments.\n\nAuthor and maintain System Security Plans (SSPs), control implementation statements, and audit evidence packages; work directly with auditors and 3PAOs through assessment cycles.\n\nPerform threat modeling, risk assessments, and security architecture reviews across the platform.\n\nDefine and drive how FedRAMP controls are embedded across the engineering lifecycle, partnering with full-stack, data, and machine learning teams to ensure consistent, scalable adoption.\n\nServe as the internal subject matter expert on FedRAMP, NIST 800-53, and federal compliance — upleveling the broader team’s knowledge as the program matures.\n\nWho You Are:\nRequired\n\nYou have direct, hands-on FedRAMP ATO experience — you’ve been through the process, not just observed it.\n\nYou have strong working knowledge of NIST 800-53 Rev. 5 controls and how to implement them technically, not just document them.\n\nYou have deep hands-on experience securing AWS environments.\n\nYou have direct experience with AWS GovCloud, including its constraints and operational differences from commercial AWS.\n\nYou write advanced Terraform — modules, policy enforcement, and infrastructure that’s auditable by design.\n\nYou’ve built or hardened CI/CD pipelines for secure, compliant deployments — integrating security scanning, secrets management, and access controls.\n\nYou’ve worked directly with auditors and 3PAOs: preparing evidence packages, responding to findings, and supporting assessment activities.\n\nNice to Haves\n\nSOC 2 Type II experience, particularly in environments where mapped or extended to support FedRAMP or NIST frameworks.\n\nExperience securing data platforms such as Databricks, including data isolation and access control patterns.\n\nFamiliarity with AI and LLM security concepts: prompt injection risks, model data isolation, inference boundary controls.\n\nExperience working in a startup or lean DevSecOps environment where you’ve had to build programs pragmatically with limited resources.\n\nWhat We Offer:\n\nCompetitive salary starting at $170,000 USD/ year. This starting number can be increased based on levels of expertise, location, cost of living, taxes, market experience, etc.\n\nEquity at a well-funded, fast-growing startup\n\nUnlimited vacation time so you can take what you need, when you need it\n\n99% covered Health + Dental + Vision insurance for employees and dependents\n\n401K through Empower with options to invest how you want it\n\nA Note to Candidates:\nWe are an equal opportunity employer who values and encourages diversity, equity and belonging at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, caste, or disability status.\n\nDon’t meet every requirement? Studies have shown that women, communities of color and historically underrepresented talent are less likely to apply to jobs unless they meet every single qualification. At Craft, we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we strongly encourage you to apply. You may be just the right candidate for this or other roles!\n\n#J-18808-Ljbffr","datePosted":"2026-06-20T03:55:36.117Z","dateModified":"2026-06-20T03:55:36.117Z","hiringOrganization":{"@type":"Organization","name":"Craft Machine","sameAs":"https://jobsearcher.com"},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Millbrae","addressRegion":"CA","addressCountry":"US"}},"identifier":{"@type":"PropertyValue","name":"JobSearcher","value":"2b625dbadd40d49d68cf8353"},"url":"https://jobsearcher.com/jobs/2b625dbadd40d49d68cf8353"}}