DeveloperSecOps Engineer

Summary

Join Authentic8's Security & Reliability Operations (SRO) team as a DevSecOps Engineer, splitting time between the Integrated Operations Center (IOC) and the SRO engineering squad. Safeguard service availability, security, and compliance by monitoring dashboards, resolving incidents, hardening systems, automating processes, and deploying code. You will embody the Operations Charter's tenets and advance the four Operations Objectives. This role involves proactive monitoring, deep engineering tasks, and project work, providing broad expertise in security and reliability. The position reports to the DevSecOps Lead and operates under the guidance of Directors of Security Ops & Engineering and Reliability Ops & Engineering. US Citizenship is required.

Requirements

• US Citizenship Required
• Bachelor’s degree or equivalent experience
• 3 + years hands-on experience in DevSecOps, SRE, security engineering, or systems reliability roles
• Proficiency with Linux (Ubuntu preferred), GitLab, CI/CD, configuration management (Chef or similar), and one or more scripting languages (Python, Bash, Ruby)
• Working knowledge of monitoring/alerting stacks (Grafana, Icinga) and incident platforms (PagerDuty)
• Familiarity with security frameworks and hardening standards (NIST 800-53/171, CIS benchmarks, FedRAMP)
• Clear, concise communicator able to write actionable incident timelines and technical runbooks

Responsibilities

• IOC Monitoring & Incident Response: Keep Icinga, Grafana, and LogRhythm dashboards visible and acted upon at all times, detect, triage, and resolve service or security anomalies; lead first-line response and publish station logs and FLASH/SitRep updates during active incidents
• Security Operations: Perform vulnerability scanning, configuration hardening, and security impact assessments (SIA) for planned changes and develop and tune security detection use-cases; investigate alerts to conclusion
• Technical Operations: Execute patching, build-system management, release deployments, DNS and capacity changes, and routine maintenance windows and own change-management tickets through CCB approval and post-deployment verification
• Code, Automation & Tooling: Write or enhance infrastructure-as-code, CI/CD pipelines, monitoring plugins, and remediation scripts to eliminate toil and follow the SDLC: branch, peer-review, test in QA, and tag in GitLab before Production rollout
• Project & Sprint Work: Deliver project tasks, tuning tickets, and cross-functional requests in weekly sprints and participate in backlog grooming, sprint planning, retrospectives, and daily SitRep meetings
• On-Call Rotation: Serve as primary/secondary on-call outside business hours; acknowledge PagerDuty alerts within 15 minutes and drive resolution or escalation
• Documentation & Compliance Support: Create/maintain runbooks, SOPs, and system documentation; gather evidence for FedRAMP, SOC 2, PCI-DSS and other audits

Preferred Qualifications

• Cloud experience with GCP and/or AWS (compute, networking, IAM, security services)
• Certifications: SECOPS/SRE (GCP Professional DevOps, Linux Foundation KCNA/Kubernetes), Security (CISSP, GCIH), or Cloud/Infra (CKA, RHCE)
• Prior participation in 24 × 7 operations centers or regulated SaaS environments
• Experience building dashboards for SLI/SLO monitoring and error-budget tracking

Benefits

• Medical, dental and vision
• Flexible PTO
• A 401k program
• Stock options