Senior DevSecOps / Platform Security Engineer (AWS + Kubernetes)

📋 Description

• • DEFCON AI is at the forefront of leveraging artificial intelligence, mathematical optimization, data analytics, and software engineering to build resilient systems capable of navigating and mitigating disruptions in an increasingly dynamic world. Our technology empowers customers to anticipate, assess, and proactively manage the impacts of unforeseen events, aligning operational goals with desired outcomes for better decision-making.
• • We are seeking a highly skilled and motivated Senior DevSecOps / Platform Security Engineer to join our innovative team. This is a hands-on role where you will be instrumental in building, operating, and enhancing production security controls across our robust AWS and Kubernetes platform. Your primary focus will be on designing and implementing essential guardrails that embed security into the development lifecycle, making secure delivery the default and seamless experience for our engineering teams.
• • You will own critical platform security capabilities, including the automation of security within our CI/CD pipelines. This involves integrating tools and workflows for Static Application Security Testing (SAST), Software Composition Analysis (SCA), secrets scanning, and Infrastructure as Code (IaC) scanning. Your efforts will ensure that security checks are performed early and often, catching vulnerabilities before they reach production.
• • A significant part of your role will be dedicated to establishing and maintaining comprehensive software supply chain controls. This includes implementing Software Bill of Materials (SBOM) generation and management, artifact and container image signing and verification processes, and robust provenance and promotion workflows. These measures are crucial for ensuring the integrity and trustworthiness of the software we deploy.
• • You will also be responsible for implementing and enforcing Kubernetes security policies and admission controls. This involves leveraging policy-as-code principles to define and enforce platform security guardrails, ensuring that workloads running on our Kubernetes clusters adhere to defined security baselines and configurations.
• • In close partnership with our Platform/SRE and Security/GRC teams, you will co-own the security of our AWS environment. This includes defining and implementing secure IAM patterns, establishing comprehensive logging and detection mechanisms, and ensuring adherence to network and encryption baselines. Your contributions will be vital in maintaining a secure and compliant cloud infrastructure.
• • You will collaborate closely with the Security/GRC team to interpret security requirements and provide necessary evidence for audits. A key aspect of your role will be translating these requirements into practical, automated guardrails that are embedded directly into our engineering systems and pipelines, streamlining compliance efforts.
• • Your responsibilities will extend to designing, building, and maintaining scalable CI/CD security controls that can be adopted across multiple repositories and teams. This includes developing reusable pipeline components, templates, and establishing clear standards to ensure consistency and efficiency.
• • You will implement a robust Kubernetes security architecture, including hardening RBAC configurations, establishing workload security baselines, and deploying admission policies and network policies. As applicable, you will also contribute to secure multi-tenant patterns within our Kubernetes environment.
• • A critical focus area is improving container security across the entire lifecycle, from selecting secure base images and implementing effective vulnerability scanning to controlling registry access, signing images, and managing promotion workflows.
• • You will operationalize vulnerability management processes, focusing on risk-based prioritization, establishing measurable remediation Service Level Agreements (SLAs), and developing dashboards and metrics to track key indicators such as Mean Time To Remediate (MTTR), exposure trends, and top recurring root causes.
• • Driving developer enablement is paramount. You will achieve this through providing clear and concise documentation, conducting lightweight design reviews and threat modeling for high-impact changes, hosting office hours, and embedding high-signal guidance directly within the tooling developers use daily.
• • This role carries real production responsibility. You will not just be providing recommendations; you will be shipping code and infrastructure, directly owning the reliability and outcomes of the security controls you build. You will also participate in an on-call rotation, responding to incidents related to platform security controls and pipeline reliability, with the scope aligned with Platform/SRE responsibilities.
• • You will support delivery into regulated environments, working closely with Security/GRC to implement engineering-owned controls and generate audit-ready evidence. This involves translating complex regulatory requirements, such as NIST SP 800-171 and CMMC expectations, into practical, automated guardrails within our CI/CD, AWS, and Kubernetes ecosystems.
• • Our approach is pragmatic and automation-first, aiming for secure-by-default, low-friction workflows. We foster close partnerships with Platform/SRE and Security/GRC, ensuring clear ownership and measurable outcomes. Our focus is on building durable systems through scalable guardrails, templates, and controls that benefit all teams.
• • We value analytical aptitude, effective communication to distill technical complexities, and an adaptive nature to thrive in a fast-paced tech landscape. Experience with agile methodologies and version control tools is essential. While formal education is a plus, we prioritize hands-on experience and demonstrable skills, valuing continuous learning and staying current with technology trends and best practices.