DriveWhip is hiring a Senior DevSecOps Engineer to be the hands-on owner of security and reliability for the ThriveCart e-commerce platform. You will secure our infrastructure, automate our CI/CD pipelines, and ensure high availability through robust monitoring and incident response.

What You'll Do

Implement and maintain security scanning in CI/CD (SAST, dependency, container).
Harden AWS infrastructure (WAF, Security Groups) and manage network segmentation.
Monitor security advisories, coordinate patching, and track vulnerability remediation.
Manage encryption (rest/transit), secure compute resources, and audit IAM policies.
Provide security tooling/dashboards and assist developers with findings.
Maintain CloudWatch dashboards (Payment metrics, Database health, API performance).
Configure GuardDuty/Security Hub and build alerts for DDoS, intrusion, and anomalies.
Monitor production health, investigate anomalies, and perform root cause analysis.
Build investigation queries for security incidents and maintain response runbooks.
Monitor for penetration attempts, API abuse, and suspicious access patterns.
Manage AWS resources via Terraform (EC2, RDS, IAM, VPC) with security-first configurations.
Maintain zero-downtime CI/CD pipelines with integrated security gates and rollback mechanisms.
Administer MariaDB databases (performance tuning, backups, access controls).
Maintain Docker-based dev environments and secure container configurations.
Support compliance requirements (PCI-DSS) and manage evidence collection.

What We're Looking For

3-5 years experience in production operations for high-traffic web apps with a focus on security.
Experience implementing security controls (WAF, IAM, scanning) in AWS environments.
Experience with Infrastructure as Code (Terraform) and CI/CD security integration.
Experience with database administration (MariaDB/MySQL) and container security (Docker).
Experience with DDoS mitigation, incident response, and compliance frameworks.
Skills in vulnerability assessment, threat detection, IAM design, and secrets management.
Skills in CloudWatch alerting, Terraform module development, Bash scripting, and log analysis.
Soft skills: Security-first mindset, calm under pressure, collaborative educator.

Technical Stack

AWS: GuardDuty, WAF, CloudWatch, EC2, RDS
Infrastructure as Code: Terraform
Containers: Docker
Database: MariaDB
Languages & Systems: Git, Linux, Bash, PHP 7.4
Security Tools: Snyk/SonarQube (SAST), Trivy (Container), Checkov (IaC), AWS Secrets Manager
Web & Caching: Nginx, Memcached
CI/CD & Automation: GitHub Actions, Let's Encrypt