JOBSEARCHER

DevSecOps Engineer

ARCHIVED

We can't find an active application page for this role right now. It may reopen or be listed elsewhere. Use Next Steps to search for an active apply link and similar live jobs.

Role: DevSecOps Engineer Work Location: Houston, TX (4 days in office with 1 hybrid day) Number of Positions: 1 Position Type: Fulltime Company Description: Automotive US CITIZENS AND GREEN CARD HOLDERS ARE ENCOURAGED TO APPLY. WE ARE UNABLE TO PROVIDE SPONSORSHIP AT THIS TIME. JOB SUMMARY We're seeking a DevSecOps Engineer to own the secure delivery pipeline and platform foundations across cloud environments. You'll design and automate IAM, infrastructure as code (Terraform), CI/CD (GitHub Actions), and Kubernetes operations, embedding security controls by default and enabling development teams to ship quickly and safely. RESPONSIBILITIESDesign and implement least-privilege IAM (users, roles, policies, SSO/OIDC) across cloud and Kubernetes (RBAC, service accounts, Pod Security Standards).Build/maintain Terraform modules and environments (prod/non-prod), enforce drift detection, and apply policy-as-code (OPA/Conftest, Sentinel, Checkov/tfsec).Own GitHub Actions pipelines (build/test/scan/sign/release), reusable workflows, environment protections, required reviews, and deployment gates.Operate Kubernetes clusters (EKS/AKS/GKE or on-prem): cluster lifecycle, Helm/Kustomize, GitOps (Argo CD/Flux), NetworkPolicies, ingress, secrets.Embed software supply chain security: SCA/SAST/DAST, container/IaC scanning, SBOM generation, image signing (Cosign), provenance (SLSA).Implement secret management (Vault/Secrets Manager/KMS), key rotation, and secure parameter stores.Stand up observability: metrics, logs, traces (Prometheus/Grafana/ELK/Cloud-native), and actionable alerts.Automate incident response runbooks; support on-call for platform/security events.Partner with AppSec and product teams on threat modeling, secure design reviews, and remediation.Contribute to compliance initiatives (SOC 2/ISO 27001) with evidence automation and configuration baselines.Drive cost, reliability, and capacity guardrails; champion platform DX and documentation. QUALIFICATIONS 8+ years in DevOps/Platform/SRE with a security-first mindset.Strong IAM design (cloud + Kubernetes RBAC), OIDC/OAuth2, SSO/IdP (e.g., Okta/Azure Entra).Production Terraform experience (workspaces, modules, remote state, CI-driven plans/applies).Hands-on GitHub Actions (self-hosted runners, OIDC to cloud, environments/protections, matrix builds).Operating Kubernetes in production (Helm, networking, ingress, autoscaling, upgrades, backups/DR).Practical use of security scanners (e.g., Wiz, Trivy/Grype, Dependabot, Checkov/tfsec), and policy-as-code.Proficient with one or more clouds (AWS), Linux, containers, and networking fundamentals.Strong scripting in Python or Bash; Infrastructure troubleshooting and debugging skills.Clear communication, ownership, and ability to drive cross-team initiatives. Nice to HaveHashiCorp Vault, keeper/Kyverno, service mesh (Istio/Linkerd), or CNI like Cilium.GitOps at scale (Argo CD multi-app/multi-cluster), progressive delivery (Argo Rollouts/Flagger).Experience with SIEM, detections, or security data pipelines.Knowledge of data protection (PII), tokenization, and regional compliance.Background in financial/insurance/auto domains (regulated environments). STANDARD BENEFITS • Medical, Dental & Vision- eligible after 30 days of employment • 401K company match is 4% 1:1 - starts day one and you vest after 2 years. • 27 days of PTO in a full year. 10 paid holidays. • Eligible to participate in vehicle program and performance bonuses