Posted inJobs

DevSecOps Engineer

May 9, 2025No CommentsPosted inJobs

DevSecOps Engineer – Industrial AI Platform Role Summary
You’ll own security implementation across our AI deployment pipelines – from AWS EC2 development environments to air-gapped industrial sites. This hands-on role combines security engineering, infrastructure automation, and operational reliability for a platform deploying mission-critical ML models at the edge.

Key Responsibilities
Infrastructure Security Automation

  • Develop and maintain OpenTofu modules for consistent VM provisioning across environments
  • Harden EC2 and on-prem VM templates with Ansible security playbooks
  • Implement least-privilege IAM policies and secure network configurations
  • Design secure bootstrapping processes for production environments

Kubernetes Deployment Security

  • Secure our K3s clusters with proper pod security policies and network isolation
  • Implement robust RBAC models with granular permissions
  • Design secure inter-service communication patterns
  • Build security monitoring for cluster components and workloads

CI/CD Pipeline Hardening

  • Integrate automated security scanning into build pipelines (container scanning, SCA, SAST)
  • Implement secure artifact management with signing and verification
  • Build proper secrets management for deployment pipelines
  • Establish secure container base images and build processes

Operational Security & Reliability

  • Design secure update mechanisms for air-gapped environments
  • Implement monitoring, alerting and incident response automation
  • Build comprehensive logging and audit trails across environments
  • Develop metrics for tracking security and reliability KPIs

Security Reporting & Governance

  • Create security dashboards for visibility into system security posture
  • Build automated compliance validation for industrial requirements
  • Develop practical security documentation and runbooks
  • Run internal security reviews and share findings with engineering teams

Tech Stack

  • Kubernetes (K3s for edge deployment, Kind for local dev, EKS for cloud)
  • OpenTofu (planned) and Ansible for infrastructure automation
  • AWS EC2 for development/test environments, on-prem for production
  • GitHub Actions for CI/CD pipelines
  • Docker for containerisation
  • Python and Bash for security tooling and automation
  • SvelteKit for frontend

Requirements
Essential Skills & Experience:

  • Strong experience with infrastructure-as-code security (Terraform/OpenTofu, Ansible)
  • Hands-on Kubernetes security implementation (networking, RBAC, policies)
  • Experience securing containerised workloads and build pipelines
  • Practical security monitoring and alerting implementation
  • Experience with Linux security controls including AppArmor profile development and enforcement
  • Comfort working with Python, shell scripts, and CLI tooling
  • Ability to balance security requirements with practical engineering trade-offs
  • Experience with log aggregation and operational monitoring

Desirable Skills:

  • Experience with industrial or air-gapped deployments
  • Knowledge of ML/AI deployment security considerations
  • Familiarity with regulated environments (finance, healthcare, industrial)
  • Experience with zero-trust networking concepts
  • Experience with Linux hardening for edge deployments

About You

  • You’re hands-on – you code solutions rather than just pointing out problems
  • You find pragmatic security solutions that work in the real world
  • You can explain complex security concepts to people who don’t live in that world
  • You balance “secure by default” with “needs to actually work”
  • You’re comfortable diving into unfamiliar codebases to find and fix issues

#DevSecOps #Engineer

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *