DevSecOps Engineer

Summary

Join Bobsled as an experienced DevSecOps Engineer and drive the security, reliability, and operational excellence of our data-sharing platform. You will apply your expertise to complex technical and business challenges, ensuring our infrastructure and pipelines are highly available, scalable, and secure. This role blends SRE, DevOps, and Security, impacting how organizations securely share data globally. As an early hire, you'll shape our team culture and contribute to candidate assessments. The position is exclusively for US or Canadian candidates in the Central or Eastern Time zones. Bobsled offers a comprehensive benefits package.

Requirements

This role is open exclusively to candidates located in the Central Time (CT) or Eastern Time (ET) zones in the USA or Canada

Responsibilities

• Integrate security best practices into CI/CD pipelines, infrastructure as code (IaC), and operational processes
• Ensure Bobsled's multi-cloud infrastructure follows security best practices, including identity and access management (IAM), network security, and encryption
• Design and implement secure, scalable, and reliable systems while enforcing policies around least privilege, zero trust, and compliance frameworks
• Build and maintain pipelines that ensure safe, compliant, and automated deployment of infrastructure and applications
• Establish and continuously improve incident response processes, threat detection, and security observability for our cloud environments
• Develop robust monitoring, logging, and alerting systems for both security and reliability, ensuring visibility into infrastructure and application health
• Implement and manage secure handling of credentials, keys, and secrets in alignment with best practices
• Work cross-functionally to align with security frameworks (SOC 2, ISO 27001, etc.) and assist in compliance efforts

Preferred Qualifications

• 8+ years of experience in SRE, DevOps, or DevSecOps, managing distributed cloud-native systems in production
• Strong background in cloud security principles, with hands-on experience securing AWS, GCP, Azure, and/or OCI environments
• Proficiency in Infrastructure as Code (IaC) tools like Terraform (CDKTF), and experience with Typescript or other modern programming languages
• Expertise in security monitoring and incident response, including logging, SIEM solutions, and forensic analysis
• Deep understanding of modern IAM, role-based access control (RBAC), and secrets management (e.g., HashiCorp Vault, AWS Secrets Manager)
• Experience designing hardened CI/CD pipelines that enforce security policies and compliance requirements
• Knowledge of security compliance frameworks such as SOC 2, NIST, ISO 27001 is a strong plus
• Experience with serverless security, container security (Kubernetes, Docker), and cloud-native security tooling is a plus

Benefits

• Health Insurance (for US employees): Medical (100% paid), dental, and vision benefits for you and your family
• Generous PTO policy and paid parental leave
• Fully upgraded Apple MacBook and 4K monitor (for engineering team only)
• Home office stipend of $1,000
• Flexible work hours in a fully remote work environment
• Fully sponsored individual coaching for all employees to help foster a culture of personal reflection and growth (optional but encouraged)