
Job Overview
Location: Remote
Job Type: Full-time
Category: Software Engineering
Date Posted: June 4, 2026
Full Job Description
📋 Description
- Own and operate Vanilla’s security tooling stack including SentinelOne (EDR), Sublime (email security), Panther (SIEM), and Cloudflare, ensuring continuous monitoring, alert triage, and response across all security channels.
- Secure AWS infrastructure by reviewing Terraform configurations for security implications, enforcing IAM policies, managing secrets, and implementing encryption standards across systems and networking.
- Serve as the primary point of contact for the vCISO (Latacora), coordinating cloud security posture reviews, endpoint coverage, and 24x7 SOC operations.
- Manage the full lifecycle of annual penetration tests: vendor selection, scoping, remediation tracking, and reporting, while also scoping and coordinating AI-specific red team engagements.
- Run tabletop exercises and maintain the incident response playbook, ensuring readiness for security incidents across engineering and infrastructure teams.
- Build and maintain a multi-quarter security roadmap in partnership with engineering leadership to align security initiatives with product and infrastructure goals.
- Own pre-deployment security gates within CI/CD pipelines, implementing automated checks for vulnerabilities, misconfigurations, and policy violations before code reaches production.
- Lead vulnerability management for application code and third-party libraries, establishing prioritization and remediation workflows across engineering teams.
- Conduct threat modeling for new features, integrations, and architectural changes to identify and mitigate risks early in the development lifecycle.
- Champion secure coding practices across engineering teams through training, code reviews, and documentation to embed security into the development culture.
- Scope, coordinate, and evaluate AI red team exercises targeting Vanilla’s AI-powered estate planning features, assessing risks such as prompt injection, data exfiltration, and model manipulation.
- Implement and maintain guardrails for AI outputs, including controls to prevent misuse of LLMs and ensure compliance with data privacy requirements for PII/PHI in estate and financial documents.
- Establish and enforce data governance practices for sensitive training data used in AI/ML pipelines, ensuring adherence to privacy and regulatory standards.
- Triage and respond to cross-team IT requests with security implications, acting as the operational bridge between engineering, infrastructure, and security teams.
- Collaborate closely with external partners and internal engineering leadership to ensure security initiatives are integrated into product development cycles without impeding velocity.
- Operate in a fast-moving Series B environment with high autonomy, owning end-to-end execution of security programs without reliance on large compliance or audit teams.
🎯 Requirements
- Hands-on AWS experience: infrastructure, networking, and cloud security posture
- Experience with infrastructure-as-code (Terraform or CloudFormation)
- Strong understanding of IAM, network security, encryption, and secrets management
- Hands-on vulnerability management experience: scanning, triage, remediation workflows
- Experience with threat modeling, secure code review, and CI/CD security gating
- Strong scripting and automation skills (Python, Bash, or similar)
🏖️ Benefits
- Flexible paid time off policy and 10 company-wide paid holidays
- Parental leave: 6 weeks for all full-time employees and up to 14 weeks for birthing parents
- Medical, dental, and vision benefits coverage for employees and their families
- 401K eligibility after one month of employment
- Free estate planning documents
- Budget for learning & development and home office setup
- Paid parking or transit for hybrid and in-office employees
About Vanilla Forums Inc.
Vanilla provides open-source and SaaS community forum software that helps organizations create, manage and grow customer communities. The platform offers customizable discussion boards, moderation tools, analytics, single sign-on, integrations with CRM and support systems, and gamification features. It serves enterprises, gaming companies, and support teams seeking to reduce support costs, increase customer engagement, and gather product feedback through structured online conversations.