[Hiring] Sr. DevOps Engineer @NoFraud

Role Description

As Senior DevSecOps hire, you'll architect security into every layer of our AWS infrastructure while maintaining the velocity that makes us successful. You'll own our compliance automation strategy for PCI DSS and SOC2, secure our machine learning models from adversarial attacks, and build the security foundation for our next phase of growth.

• Security Architecture & Automation (45%)
  • Lead design and implementation of enterprise-grade security controls across AWS infrastructure (EC2, ECS, Kubernetes)
  • Architect automated security scanning into CI/CD pipelines (Jenkins, GitHub Actions, Harness)
  • Design and implement policy-as-code for Terraform infrastructure using Spacelift
  • Lead container security strategy including scanning, hardening, and runtime protection (CrowdStrike)
  • Mentor team members on security best practices and secure architecture patterns
  • Define security roadmap and drive strategic security initiatives
• Compliance & Risk Management (25%)
  • Lead PCI DSS and SOC2 compliance automation and evidence collection strategy
  • Design and maintain continuous compliance monitoring with automated controls
  • Conduct comprehensive security assessments and advanced vulnerability management
  • Create security documentation, runbooks, and compliance artifacts
  • Serve as technical liaison for security audits and assessments
• Incident Response & Monitoring (20%)
  • Architect and optimize AWS security services (GuardDuty, Security Hub, Inspector)
  • Design advanced security monitoring with Datadog SIEM integration
  • Lead incident response procedures and conduct post-mortems
  • Implement intelligent automated remediation workflows
  • Establish security metrics and reporting dashboards
• Developer Enablement (10%)
  • Build self-service security tools and guardrails for development teams
  • Conduct security training and establish security champions program
  • Implement frictionless security controls that enable velocity
  • Drive security culture across the engineering organization

Qualifications

• 6+ years securing production AWS environments with deep expertise in IAM, VPC architecture, and AWS security services
• 5+ years mastering Infrastructure as Code with advanced Terraform patterns and security best practices
• Expert-level Python and Bash scripting for complex security automation
• 3+ years hands-on container security (Docker hardening, multi-stage builds, ECS/EKS security)
• Proven experience integrating security into CI/CD pipelines at scale
• Deep knowledge of PCI DSS and SOC2 with hands-on compliance implementation experience
• Experience with security scanning tools (Snyk, Trivy, tfsec, Tenable) and secrets management (Doppler, AWS Secrets Manager)

Mindset & Approach

• Automation-first mentality with demonstrated track record of eliminating toil and manual processes
• Strategic balance between security rigor and business velocity
• Excellent communication skills for working with developers, leadership, auditors, and external stakeholders
• Experience working in high-performance, fast-moving startup environments

Benefits

• We’re a high-performing team that is passionate about fraud and a community driven by values that shape everything we do.
• We seek passionate and dedicated individuals who align with our core principles; Integrity, Pride, Humility and Impact.