Dev/Sec Ops Engineer

LIVING OUR VALUES All associates are guided by Our Values. Our Values are the unifying foundation of our companies. We strive to ensure that every decision we make and every action we take demonstrates Our Values. We believe that putting Our Values into practice creates lasting benefits for all of our associates, shareholders, and the communities in which we live. A Day in The Life We’re seeking a DevSecOps Engineer to own the secure delivery pipeline and platform foundations across cloud environments. You’ll design and automate IAM, infrastructure as code (Terraform), CI/CD (GitHub Actions), and Kubernetes operations, embedding security controls by default and enabling development teams to ship quickly and safely. What You’ll Do • Design and implement least-privilege IAM (users, roles, policies, SSO/OIDC) across cloud and Kubernetes (RBAC, service accounts, Pod Security Standards). • Build/maintain Terraform modules and environments (prod/non-prod), enforce drift detection, and apply policy-as-code (OPA/Conftest, Sentinel, Checkov/tfsec). • Own GitHub Actions pipelines (build/test/scan/sign/release), reusable workflows, environment protections, required reviews, and deployment gates. • Operate Kubernetes clusters (EKS/AKS/GKE or on-prem): cluster lifecycle, Helm/Kustomize, GitOps (Argo CD/Flux), NetworkPolicies, ingress, secrets. • Embed software supply chain security: SCA/SAST/DAST, container/IaC scanning, SBOM generation, image signing (Cosign), provenance (SLSA). • Implement secret management (Vault/Secrets Manager/KMS), key rotation, and secure parameter stores. • Stand up observability: metrics, logs, traces (Prometheus/Grafana/ELK/Cloud-native), and actionable alerts. • Automate incident response runbooks; support on-call for platform/security events. • Partner with AppSec and product teams on threat modeling, secure design reviews, and remediation. • Contribute to compliance initiatives (SOC 2/ISO 27001) with evidence automation and configuration baselines. • Drive cost, reliability, and capacity guardrails; champion platform DX and documentation. Required Qualifications • 8+ years in DevOps/Platform/SRE with a security-first mindset. • Strong IAM design (cloud + Kubernetes RBAC), OIDC/OAuth2, SSO/IdP (e.g., Okta/Azure Entra). • Production Terraform experience (workspaces, modules, remote state, CI-driven plans/applies). • Hands-on GitHub Actions (self-hosted runners, OIDC to cloud, environments/protections, matrix builds). • Operating Kubernetes in production (Helm, networking, ingress, autoscaling, upgrades, backups/DR). • Practical use of security scanners (e.g., Wiz, Trivy/Grype, Dependabot, Checkov/tfsec), and policy-as-code. • Proficient with one or more clouds (AWS), Linux, containers, and networking fundamentals. • Strong scripting in Python or Bash; Infrastructure troubleshooting and debugging skills. • Clear communication, ownership, and ability to drive cross-team initiatives. Nice to Have • HashiCorp Vault, keeper/Kyverno, service mesh (Istio/Linkerd), or CNI like Cilium. • GitOps at scale (Argo CD multi-app/multi-cluster), progressive delivery (Argo Rollouts/Flagger). • Experience with SIEM, detections, or security data pipelines. • Knowledge of data protection (PII), tokenization, and regional compliance. • Background in financial/insurance/auto domains (regulated environments). Physical Requirements The physical requirements described here are representative of those that must be met by an associate to successfully perform the essential functions of the job. While performing the duties of the job, the associate is required on a daily basis to analyze and interpret data, communicate, and remain in a stationary position for a significant amount of the work day; and frequently access, input, and retrieve information from the computer and other office productivity devices. The associate is regularly required to move about the office and around the corporate campus. The associate is occasionally required to travel to other sites, including out-of-state, where applicable, for business. The associate must frequently move up to 10 pounds and occasionally move up to 25 pounds. Work Environment The work environment characteristics described here are representative of those an associate encounters while performing the essential functions of this job. While the job is generally performed in an office environment, the associate is occasionally exposed to wet and/or humid conditions, areas in which moving mechanical parts, fumes, toxic or caustic chemicals are present, and outside weather conditions. The noise level in the office environment is typically quiet, but the associate may be occasionally exposed to loud noise levels. Travel Required Minimal travel is required for this position (up to 20% of the time and on a domestic basis). The Friedkin Group and its affiliates are equal opportunity employers and maintain drug-free workplaces by conducting pre-employment drug testing.