Security Research DevOps Engineer

📋 Description

• • Be the backbone of Semperis’ mission to protect every Active Directory & Entra ID environment on earth. As our Security Research DevOps Engineer you will own the automation that turns cutting-edge vulnerability discoveries into customer-ready protection in minutes, not days.
• • Architect, code, and run CI/CD pipelines in Azure DevOps and GitHub Actions that build, unit-test, cryptographically sign, version, package, and deploy security indicators (PowerShell, JSON, KQL, Python) to multiple clouds and on-prem customers at global scale.
• • Partner shoulder-to-shoulder with elite security researchers; when a new AD privilege-escalation or Entra ID misconfiguration is discovered you will design the release workflow, containerize the detector, inject automated regression tests, and push it to production with zero downtime.
• • Guarantee DevSecOps rigor: embed SAST/DAST, secrets scanning, code signing, SBOM generation, and mandatory security gates so that every indicator we ship meets SOC 2 Type II and FedRAMP controls before it reaches a customer forest.
• • Build self-service tooling that lets researchers publish indicators through a ChatOps bot or PR label; abstract away Terraform, Helm, and CosmosDB complexity so scientists focus on logic, not plumbing.
• • Implement blue-green & canary releases for sensitive security content; craft automated rollback triggers that revert a bad indicator within 60 seconds to keep false-positive rates near zero.
• • Instrument full-stack observability: Prometheus, Grafana, Application Insights, and custom PowerShell logs that alert on pipeline failures, signature expiry, or anomalous detector behavior across 2 k+ customer tenants.
• • Manage artifact lifecycle in Azure Artifacts, GitHub Packages, and private blob stores; define retention, legal-hold, and tamper-evident policies that satisfy both ransomware-recovery and compliance auditors.
• • Produce clear runbooks, architecture diagrams, and video walkthroughs; conduct brown-bag sessions that upskill the research team on YAML pipelines, Git hooks, and secure-coding practices.
• • Continuously cost-optimize cloud consumption; right-size agents, adopt spot instances, and introduce incremental builds that cut pipeline spend by 30 % while accelerating feedback loops.
• • Participate in a 24×7 on-call rotation (one week in six) with automated escalations; incidents become post-mortems that feed back into ever-more-resilient automation.
• • Champion an inclusive, remote-first culture: review PRs kindly, mentor junior engineers, and celebrate wins in Slack #victory-lap. Your code literally protects hospitals, governments, and Fortune 500s from identity compromise—there is no bigger adrenaline rush for a DevOps soul who loves security.