Who you are

• 5+ years of experience in security operations, vulnerability management, threat detection, or DevOps focused on security
• 3+ years of proven experience in implementing DevSecOps practices
• 3+ years of experience with cloud platforms (e.g., AWS, Azure, GCP) and containerization technologies (e.g., Docker, Kubernetes)
• 3+ years knowledge of scripting and programming languages (e.g., Python, Bash)
• 1+ years familiarity with infrastructure as code (IaC) tools (e.g., Terraform, Cloudformation, Ansible)
• Familiarity with AI security concepts
• Familiarity with SOC2, ISO27001, ISO 27701 and ISO 42001
• Strong understanding of platform, application, and cloud security fundamentals
• Automating deployment, scaling, and management of containerized applications with Docker or Kubernetes
• Experience with CI/CD tools (e.g., Github Actions)
• Experience with bug bounty programs
• Proficiency in security tools (e.g., Snyk, Semgrep, Contrast, Wiz)
• Deep understanding of network and application security threats, attack techniques, and mitigation options
• Experience managing vulnerability scans and effectively prioritizing actions for system owners
• Experience deploying, monitoring, and managing systems in the AWS
• Security centric in all approaches to design in infrastructure as code, as well as Docker build pipelines and microservice deployments
• Experience building and maintaining security investigation and/or response tools
• Able to work independently and coordinate activities across multiple teams
• Ability to drive multiple projects and priorities while managing operational responsibilities
• Excellent written and verbal communication skills, building positive relationships with partner organizations
• BS or MS degree in Computer Science, Engineering, or equivalent job experience

What the job involves

• The Evisort Security team is expanding and looking for a DevSecOps engineer to join our AI Security team
• We’re a hands-on security engineering team focused on enabling secure development across the stack
• From supporting developers with bug bounty triage to securing our AI agent infrastructure, we embed security into every phase of the SDLC
• Our work spans cloud security, application security, CI/CD hardening, runtime security, and ensuring alignment with compliance frameworks like SOC 2 and ISO 27001
• We partner closely with engineering to drive practical, scalable security solutions that support rapid innovation. As a DevSecOps engineer, you will work closely with DevOps, Security, and Development teams to ensure security is baked into our systems
• Integrate security at every stage of the software development lifecycle (SDLC) and deployment pipelines
• Partner with engineering and platform teams to implement security-by-design and shift-left security practices
• Drive the implementation and monitoring of Identity and Access Management (IAM) controls, with a focus on Okta integrations and best practices
• Build, deploy, and manage security tools and services. Design and implement scalable processes across Evisort’s cloud services and infrastructure environments
• Lead and manage the end-to-end vulnerability management lifecycle, including discovery, assessment, prioritization, remediation, and reporting
• Establish and maintain secure infrastructure and configurations using infrastructure as code
• Build and manage CI/CD pipelines and constantly improve their reliability & speed, and reduce lead time for changes

The application process

• End Date: July 29, 2025

Benefits

• 401k plan
• Company equity
• Vision and dental insurance
• Work from home opportunities
• Health insurance
• On-site health clinic (Pleasanton office)
• Virtual primary care
• Flexible time-off policy
• Global mental health resources
• Global dedicated on-site clinical counselors
• Global well-being days
• $25k fertility/family planning benefits
• North Star financial wellness
• Retirement funds and matching