Staff Security DevOps Engineer

Fivetran Inc.

Job Overview

Location

Denver, Colorado, United States, AMER

Job Type

Full-time

Full Job Description

📋 Description

• As a Staff Security DevOps Engineer at Fivetran, you will play a critical role in securing and optimizing the core infrastructure that enables reliable, automated data integration for thousands of global customers—ensuring that data flows as simply and dependably as electricity.
• You will directly contribute to Fivetran’s mission by hardening containerized Java applications, securing Kubernetes environments across multi-cloud platforms, and embedding security into every layer of the CI/CD pipeline, making the platform more resilient, compliant, and trustworthy.
• Your day-to-day responsibilities include building and optimizing secure Docker images for Java-based services, debugging and tuning application performance in production, and minimizing attack surfaces through image scanning and dependency vulnerability remediation.
• You will develop and maintain Infrastructure-as-Code (Terraform) configurations to automate and secure Kubernetes cluster provisioning across AWS, GCP, and Azure, ensuring consistent, reproducible, and auditable infrastructure deployments.
• You will configure, monitor, and troubleshoot Kubernetes clusters in multi-cloud environments, implementing network policies, service meshes, ingress controls, and runtime security tools to enforce least-privilege access and detect anomalies.
• You will collaborate with engineering teams to design and enhance CI/CD pipelines (using Buildkite, Maven, NPM) by integrating automated security scanning, dependency checks, container image signing, and compliance gates throughout the build lifecycle.
• You will perform advanced cloud networking tasks, including VPC peering, firewall rule optimization, and service-to-service encryption, to isolate workloads and prevent lateral movement in potential breach scenarios.
• You will work closely with developers to embed secure coding practices, provide guidance on Java application hardening (JVM tuning, classpath security, dependency management), and co-own runtime security posture in staging and production.
• You will contribute to proactive threat detection by automating vulnerability scanning pipelines for container images, OS packages, and Java dependencies, triggering alerts and automated remediation via ticketing or GitOps workflows.
• You will partner with infrastructure and security teams to standardize monitoring, logging, and alerting (using Prometheus, Grafana, ELK, or similar) across the platform, ensuring visibility into security events and system health.
• You will participate in broader security initiatives including architecture reviews, threat modeling, incident response drills, compliance audits (SOC 2, ISO 27001), and internal tooling improvements to elevate Fivetran’s overall security maturity.
• You will stay current with evolving container security threats, Kubernetes CVE patches, Java security advisories, and cloud-native best practices, applying this knowledge to continuously improve Fivetran’s security posture and operational efficiency.

🎯 Requirements

• Deep expertise in Docker image creation, optimization, and vulnerability mitigation—specifically for Java-based applications—including experience with multi-stage builds, distroless images, and tools like Trivy or Grype for scanning.
• Extensive hands-on experience deploying, managing, securing, and performance-tuning Kubernetes clusters in production across AWS, GCP, and Azure, including knowledge of RBAC, PSP/OPA, network policies, and service meshes (Istio/Linkerd).
• Senior-level proficiency with Java application lifecycle management: building, profiling, debugging, and optimizing JVM performance in secure, containerized environments using tools like JFR, AsyncProfiler, or JMX.
• Strong infrastructure-as-code skills with Terraform (including modules, state management, and drift detection), plus experience with Helm, Bash, Python, or Go for automation and tool integration.
• Proven ability to design and secure CI/CD pipelines with integrated security scanning (SAST, DAST, SBOM, container signing) using platforms like Buildkite, GitHub Actions, or GitLab CI.
• Excellent communication and collaboration skills, with a track record of working effectively across engineering, infrastructure, and security teams to drive shared outcomes.

🏖️ Benefits

• 100% employer-paid medical insurance for employees and dependents, ensuring comprehensive health coverage with minimal out-of-pocket cost.
• Generous paid time-off (PTO) policy, inclusive parental leave, paid sick time, company holidays, and volunteer days off to support work-life balance and personal well-being.
• RSU stock grants, offering direct ownership in Fivetran’s success and alignment with long-term company growth and innovation.
• Professional development and training opportunities, including conference attendance, certifications, and internal learning platforms to support continuous skill growth.
• Monthly cell phone stipend to support seamless communication for hybrid work.
• Access to an innovative mental health support platform providing therapy, coaching, and self-guided mindfulness resources for employees and their dependents.

Skills & Technologies

Python

Java

AWS

Azure

GCP

DevOps

Senior

Remote

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Fivetran Inc.

Visit Website

About Fivetran Inc.

Fivetran Inc. provides automated data integration software that replicates application, database, and event data into cloud data warehouses. It manages schema drift, incremental updates, and normalization, enabling analysts to query live data without engineering overhead. The company serves enterprises needing reliable, governed data pipelines across systems like Salesforce, MySQL, and Snowflake. Founded in 2012, it is headquartered in Oakland, California, with global offices, and operates on a subscription revenue model.

View Company Profile

Get more remote jobs like this

Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.

Weekly remote jobs and featured talent.

No spam. Only curated remote roles and product updates. You can unsubscribe anytime.