{"schemaVersion":"jobsearcher.job.v1","id":"adafc9df81256e9fce5d10d5","url":"https://jobsearcher.com/jobs/adafc9df81256e9fce5d10d5","canonicalUrl":"https://jobsearcher.com/jobs/adafc9df81256e9fce5d10d5","title":"DevSecOps Engineer","description":"Role: DevSecOps Engineer Work Location: Houston, TX (4 days in office with 1 hybrid day) Number of Positions: 1 Position Type: Fulltime Company Description: Automotive US CITIZENS AND GREEN CARD HOLDERS ARE ENCOURAGED TO APPLY. WE ARE UNABLE TO PROVIDE SPONSORSHIP AT THIS TIME. JOB SUMMARY We're seeking a DevSecOps Engineer to own the secure delivery pipeline and platform foundations across cloud environments. You'll design and automate IAM, infrastructure as code (Terraform), CI/CD (GitHub Actions), and Kubernetes operations, embedding security controls by default and enabling development teams to ship quickly and safely. RESPONSIBILITIESDesign and implement least-privilege IAM (users, roles, policies, SSO/OIDC) across cloud and Kubernetes (RBAC, service accounts, Pod Security Standards).Build/maintain Terraform modules and environments (prod/non-prod), enforce drift detection, and apply policy-as-code (OPA/Conftest, Sentinel, Checkov/tfsec).Own GitHub Actions pipelines (build/test/scan/sign/release), reusable workflows, environment protections, required reviews, and deployment gates.Operate Kubernetes clusters (EKS/AKS/GKE or on-prem): cluster lifecycle, Helm/Kustomize, GitOps (Argo CD/Flux), NetworkPolicies, ingress, secrets.Embed software supply chain security: SCA/SAST/DAST, container/IaC scanning, SBOM generation, image signing (Cosign), provenance (SLSA).Implement secret management (Vault/Secrets Manager/KMS), key rotation, and secure parameter stores.Stand up observability: metrics, logs, traces (Prometheus/Grafana/ELK/Cloud-native), and actionable alerts.Automate incident response runbooks; support on-call for platform/security events.Partner with AppSec and product teams on threat modeling, secure design reviews, and remediation.Contribute to compliance initiatives (SOC 2/ISO 27001) with evidence automation and configuration baselines.Drive cost, reliability, and capacity guardrails; champion platform DX and documentation. QUALIFICATIONS 8+ years in DevOps/Platform/SRE with a security-first mindset.Strong IAM design (cloud + Kubernetes RBAC), OIDC/OAuth2, SSO/IdP (e.g., Okta/Azure Entra).Production Terraform experience (workspaces, modules, remote state, CI-driven plans/applies).Hands-on GitHub Actions (self-hosted runners, OIDC to cloud, environments/protections, matrix builds).Operating Kubernetes in production (Helm, networking, ingress, autoscaling, upgrades, backups/DR).Practical use of security scanners (e.g., Wiz, Trivy/Grype, Dependabot, Checkov/tfsec), and policy-as-code.Proficient with one or more clouds (AWS), Linux, containers, and networking fundamentals.Strong scripting in Python or Bash; Infrastructure troubleshooting and debugging skills.Clear communication, ownership, and ability to drive cross-team initiatives. Nice to HaveHashiCorp Vault, keeper/Kyverno, service mesh (Istio/Linkerd), or CNI like Cilium.GitOps at scale (Argo CD multi-app/multi-cluster), progressive delivery (Argo Rollouts/Flagger).Experience with SIEM, detections, or security data pipelines.Knowledge of data protection (PII), tokenization, and regional compliance.Background in financial/insurance/auto domains (regulated environments). STANDARD BENEFITS • Medical, Dental & Vision- eligible after 30 days of employment • 401K company match is 4% 1:1 - starts day one and you vest after 2 years. • 27 days of PTO in a full year. 10 paid holidays. • Eligible to participate in vehicle program and performance bonuses","company":"Paradigm Group","rawCompany":"paradigm group","city":"Houston","state":"TX","isRemote":false,"isActive":false,"createdAt":"2026-06-30T00:12:02.462Z","occupations":[{"code":"15-1299.05","title":"Information Security Engineers","slug":"information-security-engineers"},{"code":"15-1299.08","title":"Computer Systems Engineers/Architects","slug":"computer-systems-engineers-architects"},{"code":"15-1252.00","title":"Software Developers","slug":"software-developers"}],"industries":[{"code":"541512","title":"Computer Systems Design Services","slug":"computer-systems-design-services"},{"code":"541511","title":"Custom Computer Programming Services","slug":"custom-computer-programming-services"},{"code":"513210","title":"Software Publishers","slug":"software-publishers"}],"jobPosting":{"@context":"https://schema.org","@type":"JobPosting","title":"DevSecOps Engineer","description":"Role: DevSecOps Engineer Work Location: Houston, TX (4 days in office with 1 hybrid day) Number of Positions: 1 Position Type: Fulltime Company Description: Automotive US CITIZENS AND GREEN CARD HOLDERS ARE ENCOURAGED TO APPLY. WE ARE UNABLE TO PROVIDE SPONSORSHIP AT THIS TIME. JOB SUMMARY We're seeking a DevSecOps Engineer to own the secure delivery pipeline and platform foundations across cloud environments. You'll design and automate IAM, infrastructure as code (Terraform), CI/CD (GitHub Actions), and Kubernetes operations, embedding security controls by default and enabling development teams to ship quickly and safely. RESPONSIBILITIESDesign and implement least-privilege IAM (users, roles, policies, SSO/OIDC) across cloud and Kubernetes (RBAC, service accounts, Pod Security Standards).Build/maintain Terraform modules and environments (prod/non-prod), enforce drift detection, and apply policy-as-code (OPA/Conftest, Sentinel, Checkov/tfsec).Own GitHub Actions pipelines (build/test/scan/sign/release), reusable workflows, environment protections, required reviews, and deployment gates.Operate Kubernetes clusters (EKS/AKS/GKE or on-prem): cluster lifecycle, Helm/Kustomize, GitOps (Argo CD/Flux), NetworkPolicies, ingress, secrets.Embed software supply chain security: SCA/SAST/DAST, container/IaC scanning, SBOM generation, image signing (Cosign), provenance (SLSA).Implement secret management (Vault/Secrets Manager/KMS), key rotation, and secure parameter stores.Stand up observability: metrics, logs, traces (Prometheus/Grafana/ELK/Cloud-native), and actionable alerts.Automate incident response runbooks; support on-call for platform/security events.Partner with AppSec and product teams on threat modeling, secure design reviews, and remediation.Contribute to compliance initiatives (SOC 2/ISO 27001) with evidence automation and configuration baselines.Drive cost, reliability, and capacity guardrails; champion platform DX and documentation. QUALIFICATIONS 8+ years in DevOps/Platform/SRE with a security-first mindset.Strong IAM design (cloud + Kubernetes RBAC), OIDC/OAuth2, SSO/IdP (e.g., Okta/Azure Entra).Production Terraform experience (workspaces, modules, remote state, CI-driven plans/applies).Hands-on GitHub Actions (self-hosted runners, OIDC to cloud, environments/protections, matrix builds).Operating Kubernetes in production (Helm, networking, ingress, autoscaling, upgrades, backups/DR).Practical use of security scanners (e.g., Wiz, Trivy/Grype, Dependabot, Checkov/tfsec), and policy-as-code.Proficient with one or more clouds (AWS), Linux, containers, and networking fundamentals.Strong scripting in Python or Bash; Infrastructure troubleshooting and debugging skills.Clear communication, ownership, and ability to drive cross-team initiatives. Nice to HaveHashiCorp Vault, keeper/Kyverno, service mesh (Istio/Linkerd), or CNI like Cilium.GitOps at scale (Argo CD multi-app/multi-cluster), progressive delivery (Argo Rollouts/Flagger).Experience with SIEM, detections, or security data pipelines.Knowledge of data protection (PII), tokenization, and regional compliance.Background in financial/insurance/auto domains (regulated environments). STANDARD BENEFITS • Medical, Dental & Vision- eligible after 30 days of employment • 401K company match is 4% 1:1 - starts day one and you vest after 2 years. • 27 days of PTO in a full year. 10 paid holidays. • Eligible to participate in vehicle program and performance bonuses","datePosted":"2026-06-30T00:12:02.462Z","dateModified":"2026-06-30T00:12:02.462Z","hiringOrganization":{"@type":"Organization","name":"Paradigm Group","sameAs":"https://jobsearcher.com"},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Houston","addressRegion":"TX","addressCountry":"US"}},"identifier":{"@type":"PropertyValue","name":"JobSearcher","value":"adafc9df81256e9fce5d10d5"},"url":"https://jobsearcher.com/jobs/adafc9df81256e9fce5d10d5"}}