Senior DevSecOps Engineer - Cloud Security Focus

About the Role

We are seeking a Senior DevSecOps Engineer to join our team at Alpaca. This remote role focuses on the intersection of security, reliability, and DevOps, where you will design and implement resiliency across our cloud platform and CI/CD pipelines. You will embed 'security as code' and help lead incident response for high-severity outages, ensuring safe and fast delivery at scale.

What You'll Do

• Embed security throughout our infrastructure and software development lifecycle, enhancing cyber resilience and driving a strong security culture.
• Secure SDLC Integration: Implement and own secure controls in CI/CD pipelines, including Infrastructure as Code (IaC) scanning and Software Composition Analysis (SCA).
• Lead the process of vulnerability and patch management, automating discovery, prioritization, and remediation across all cloud workloads.
• Strengthen cloud and Kubernetes environments through secure configurations and automated compliance against industry standards.
• Advance the security of the software supply chain, focusing on generating Software Bill of Materials (SBOMs) and implementing integrity controls.
• Develop secure deployment patterns, such as canary rollouts and automated safe rollbacks, to minimize blast radius.
• Improve detection and response capabilities by building high-signal alerts and enhancing forensic logging.
• Conduct security reviews and threat modeling for new services to ensure designs are secure-by-default.

Requirements

• 5+ years of experience in DevSecOps, security engineering, or cloud security in a modern cloud-native environment.
• Strong hands-on experience with CSPs, Kubernetes, Terraform, and container security.
• Deep understanding of secure CI/CD, including IaC security and policy-as-code.
• Experience automating vulnerability management and patching workflows across cloud and container ecosystems.
• Proficient in a scripting/programming language (Python, Go, or similar) for automation and security tooling.

Nice to Have

• Experience securing financial or highly regulated platforms.
• Knowledge of regulatory frameworks common in fintech (SOC 2, ISO 27001, PCI).
• Familiarity with offensive security and penetration testing.
• Security or cloud certifications (CISSP, OSCP, GIAC).

What We Offer

• Competitive Salary & Stock Options.
• Health Benefits.
• New Hire Home-Office Setup: One-time USD $500.
• Monthly Stipend: USD $150 per month via a Brex Card.