The DevSecOps Engineer will own the intersection of security, reliability, and DevOps at Alpaca, designing and implementing resiliency across cloud platforms and CI/CD pipelines. This role involves embedding 'security as code,' leading incident response for high-severity outages, and partnering with engineering teams to enable secure, fast delivery at scale while reporting to the CISO with a dotted line into Engineering.
What You'll Do
- Embed security into CI/CD pipelines by implementing and owning secure controls, including Infrastructure as Code (IaC) scanning, Software Composition Analysis (SCA), secrets checks, policy-as-code, and deployment guardrails.
- Lead the process of vulnerability and patch management, automating discovery, prioritization, and remediation across all cloud workloads and their dependencies.
- Strengthen cloud and Kubernetes environments through secure configurations, network segmentation, workload identity management, and automated compliance against industry standards (e.g., CSA STAR).
- Advance the security of the software supply chain, focusing on generating Software Bill of Materials (SBOMs), artifact signing, dependency governance, and implementing integrity controls.
- Create secure 'paved roads' for developers, providing hardened IaC modules, templates, tooling, and comprehensive documentation.
- Own and validate cyber-resiliency standards (secure failover, secure backups, Disaster Recovery playbooks) through secure rehearsals to ensure both the availability and integrity of systems and data.
- Develop secure deployment patterns, such as canary rollouts, automated safe rollbacks, and guardrails to minimize blast radius.
- Improve detection and response capabilities by building high-signal alerts, enhancing forensic logging, and providing robust security telemetry.
- Partner with the SecOps team on incident handling.
- Help manage offensive security engagements (penetration testing, red team, bug bounty) and ensure findings are fed directly into remediation pipelines and risk prioritization.
- Conduct security reviews and threat modeling for all new services and major architecture changes to ensure designs are secure-by-default.
- Strengthen the identity and access model by enforcing the principle of least privilege, strong authentication, and secure secrets lifecycle management.
- Support compliance and audit readiness by operationalizing security controls, producing necessary evidence, and maintaining the health of these controls.
- Champion a strong security culture by partnering with DevOps and Engineering teams to uplift secure coding practices and guide risk-based decision-making.
- Define key security performance indicators (KPIs) such as time to detect, time to remediate, exposure scores, and percentage of infrastructure covered by automated controls, and report measurable improvements to leadership.
What We're Looking For
- Excited about Alpaca’s mission and what we’re building
- 5+ years of experience across DevSecOps, security engineering, or cloud security in a modern cloud-native environment
- Strong hands-on experience with cloud service providers (CSPs), Kubernetes, Terraform, and container security
- Deep understanding of secure CI/CD, including IaC security, dependency/SCA, secrets scanning, and policy-as-code
- Solid background in identity & access security
- Experience automating vulnerability management and patching workflows across cloud and container ecosystems
- Strong familiarity with detection engineering, logging/telemetry, and partnering in incident response
- Proficient in a scripting/programming language (Python, Go, or similar) for automation and security tooling
- Comfortable working cross-functionally with DevOps and Engineering teams, explaining risk in practical terms, and influencing secure design
- Comfortable participating in on-call rotations
Nice to Have
- Experience securing financial, trading, or other highly regulated platforms
- Knowledge of regulatory frameworks common in fintech (SOC 2, ISO 27001, PCI)
- Experience with supply-chain security (SBOMs, Sigstore, artifact signing) or software integrity programs
- Familiarity with offensive security, bug bounty triage, or penetration testing
- Security or cloud certifications (CISSP, OSCP, GIAC, GCP/AWS Security)
- Bachelor's degree in Computer Science, Information Security, or equivalent experience
- Business acumen to be able to balance tradeoffs between stakeholders, technology feasibility and budget constraints
Technical Stack
- CSPs
- Kubernetes
- Terraform
- Container security
- Infrastructure as Code (IaC)
- Software Composition Analysis (SCA)
- Policy-as-code
- CI/CD pipelines
- Python
- Go
Team & Environment
- 100% distributed and remote
- Reports to the CISO, with a dotted line into Engineering; works closely with DevOps, Product, and Engineering leadership
Benefits & Compensation
- Competitive Salary & Stock Options
- Health Benefits
- New Hire Home-Office Setup: One-time USD $500
- Monthly Stipend: USD $150 per month via a Brex Card
Work Mode
- Globally distributed team; teammates work from favorite places around the world
Alpaca is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.