Cyber R&D

Senior DevSecOps Engineer

This is some text inside of a div block.

About The Position

Every nation has data. Few can protect it. Fewer still can act on it.

Dream is the sovereign AI and national cyber-defense company for governments.

We help nations secure their most critical systems, connect fragmented information at a national scale, and turn their most sensitive data into decisions, all fully sovereign.

This is more than a job. It's a Dream job, where you'll work at a global scale alongside some of the best AI researchers, cyber operators, and government experts in the world.

We defend nations against the most advanced threats in the world with a national security suite that offers AI-native resilience against APTs with visibility, insights and mediation across Posture, CTI, and Detection & Response, all fully sovereign.

The Dream Job

We are looking for an experienced DevSecOps Engineer to join our DevOps core platform team and help strengthen the security of our cloud-native infrastructure and development pipelines.

You will work closely with our CISO, DevOps team, and developers to integrate security practices across the entire software development lifecycle (SDLC), helping ensure a secure, scalable, and resilient platform across cloud and on-prem environments.

The Dream-Maker Responsibilities

Integrate security practices into CI/CD pipelines and across the SDLC
Design and implement automated security solutions (vulnerability scanning, compliance checks, threat detection)
Build and maintain Infrastructure as Code (IaC) for secure, scalable cloud environments (Terraform, Ansible)
Automate security controls and operational processes across cloud and Kubernetes environments
Design, implement, and optimize CI/CD pipelines with a focus on security, reliability, and performance
Secure cloud and on-prem environments (IAM, network controls, encryption best practices)
Manage and harden Kubernetes workloads, including configuration, access control, and image security
Collaborate with DevOps, developers, and security teams to improve system reliability and overall security posture
Conduct security assessments, penetration testing, and compliance audits
Monitor threats, respond to incidents, and improve incident response processes
Promote DevSecOps culture by guiding teams on secure coding, infrastructure, and deployment practices
Enhance observability by integrating monitoring, logging, and SIEM solutions

The Dream Skill Set

5-8 years of experience in DevOps/Security, focusing on secure infrastructure and application security.
Expertise in cloud security (AWS, GCP, Azure) and Infrastructure as Code (IaC) tools like Terraform and Ansible.
Experience integrating security into CI/CD pipelines using tools like Jenkins, GitHub Actions, and ArgoCD.
Knowledge of container security, Kubernetes best practices, and image scanning.
Proficient with security practices (SAST, DAST, SCA, secret scanning) and compliance frameworks (e.g., CIS, NIST, ISO 27001, SOC2).
Strong scripting skills (Python, Bash) for automating security tasks.
Experience with zero-trust models, IAM, and secrets management.
Familiar with AWS security tools (GuardDuty, Inspector, Shield, CloudTrail) and monitoring/alerting solutions (Grafana, Prometheus, SIEM).
Strong troubleshooting skills in network security, encryption, and secure authentication.
Excellent communication and collaboration skills.

Advantages:

Experience securing endpoint products (agents, sensors, collectors).
Background in AI security (securing ML models, training pipelines, inference serving).
Hands-on experience with policy as code tools such as OPA (Open Policy Agent) or Kyverno.
Familiarity with compliance frameworks like ISO 27001, SOC 2, HIPAA, PCI-DSS, or FedRAMP.

Tech Stack:

Cloud & Orchestration: AWS, Kubernetes, EKS, ECS
CI/CD & IaC: Jenkins, GitHub Actions, Terraform, Ansible, ArgoCD
Programming & Scripting: Python, Bash, Go
Monitoring & Logging: Prometheus, Grafana, Loki
Databases & Messaging: MongoDB, RabbitMQ, Postgres, Neo4J, etc

Never Stop Dreaming...