Lead DevSecOps Engineer
Apoddo LLP
Work from home
14.07.2026.
Role Overview
We are seeking a high-caliber Lead DevSecOps Engineer to own, secure, and scale our cloud infrastructure. In this role, you won't just be managing pipelines; you will be the bridge between agile engineering and uncompromising security. You will lead the architectural design of our AWS infrastructure while spearheading our InfoSec initiatives, specifically driving and maintaining our SOC 2 Type II compliance posture.
As a Lead, you will also manage and mentor a dedicated team of two DevOps engineers, fostering a culture of collaboration, automation, and security-first thinking. To ensure seamless alignment with our product and leadership teams, this role requires a daily 4-hour overlap with US working hours.
Key Responsibilities
Leadership & Team Management (20%)
- Lead, mentor, and conduct code/infrastructure reviews for a dedicated team of two DevOps engineers.
- Delegate tasks, manage the team's sprint planning, and remove blockers to ensure timely delivery of infrastructure goals.
- Act as the primary technical point of contact for US stakeholders, translating business requirements into actionable technical tasks.
- Maintain availability for a minimum 4-hour daily overlap with US business hours for synchronous collaboration, incident response alignment, and standups.
Security & Compliance (30%)
- Serve as the primary technical lead for SOC 2 Type II compliance, leveraging automated compliance platforms to ensure continuous control monitoring and evidence collection.
- Manage Identity and Access Management (IAM) and Single Sign-On (SSO) integrations to enforce a strict least-privilege access model.
- Lead vulnerability management, dependency scanning, penetration testing remediation, and threat modeling exercises.
- Manage incident response procedures and continuous security monitoring.
AWS Infrastructure & Architecture (25%)
- Design, build, and maintain scalable, fault-tolerant, and highly available infrastructure on AWS.
- Champion Infrastructure as Code (IaC) using Terraform or CloudFormation to ensure environments are reproducible and secure by design.
- Optimize cloud spend, performance, and resource utilization.
DevOps & Automation (25%)
- Own and optimize CI/CD pipelines (GitHub Actions, GitLab CI, or Jenkins) integrating automated security testing (SAST/DAST).
- Manage and scale containerized workloads using Docker and Kubernetes (EKS).
- Enhance system visibility by building robust logging, metrics, and alerting frameworks (DataDog, Prometheus, AWS CloudWatch).
Required Qualifications and Skills
- Experience & Leadership: 6+ years in a DevOps/SRE role, with 1–2+ years of experience formally leading, mentoring, or managing engineering team members.
- Cloud Platform: Advanced expertise in AWS core services (EC2, VPC, S3, RDS, IAM, EKS, KMS, Route53).
- Compliance & InfoSec: Hands-on experience preparing for, achieving, or maintaining SOC 2 compliance frameworks.
- Infrastructure as Code: Strong proficiency with Terraform (preferred) or CloudFormation.
- Containers & Orchestration: Deep understanding of Docker and Kubernetes (EKS).
- Timezone & Communication: Exceptional English communication skills, with the ability to commit to a consistent daily schedule providing at least 4 hours of overlap with US business hours (e.g., EST/PST).
Preferred & Bonus Skills
- Compliance Automation: Hands-on experience with Vanta (or similar platforms like Drata/Secureframe) for automated SOC 2 readiness and continuous monitoring.
- Identity & Access Management: Experience configuring and managing Okta for enterprise SSO, lifecycle management, and RBAC integrations across AWS and engineering tools.
- Certifications:
  - AWS Certified DevOps Engineer – Professional
  - AWS Certified Security – Specialty
  - CISSP, CCSK, or equivalent security credentials
What Success Looks Like in the First 90 Days
- Day 30: Establish a workflow rhythm with your two direct reports, review our current AWS footprint, and audit our existing Vanta dashboard and Okta group mappings.
- Day 60: Identify gaps in our current security posture, implement automated compliance scanning (e.g., AWS Security Hub, Bridgecrew/Checkov), and take ownership of infrastructure sprint planning.
- Day 90: Streamline our automated evidence-collection process within Vanta for our next SOC 2 audit, optimize our Okta authentication pipelines, and introduce automated security linting directly into the team's deployment workflow.
Meet the company
Ex-Amazon and Tesla engineers founded Apoddo with a mission to improve software development outsourcing, leveraging the extensive software development excellence knowledge they gathered over 10 years of building products for tech giants such as AWS, Capital One, and Yahoo, and for 50+ different companies and industries. Our innovative AI-empowered, human-centric approach, combined with hardworking engineers vetted to the standards of the top 5 tech giants, is a key differentiator that makes our project a guaranteed success.