TL;DR
DevSecOps Engineer: Designing and implementing security and resiliency across hirify.global's cloud platform and CI/CD pipelines, with an emphasis on secure SDLC integration and automated vulnerability management. Focus on strengthening cloud and Kubernetes environments, improving detection and response capabilities, and fostering a strong security culture.
Location: Remote (Global)
Company
hirify.global is a US-headquartered self-clearing broker-dealer and brokerage infrastructure offering services for stocks, ETFs, options, crypto, fixed income, and 24/5 trading, serving financial institutions across 40 countries.
What you will do
- Design and implement security and resiliency across cloud platforms and CI/CD pipelines.
- Embed security into the SDLC, including Infrastructure as Code (IaC) scanning, Software Composition Analysis (SCA), and vulnerability management.
- Harden cloud and Kubernetes environments through secure configurations and compliance against industry standards.
- Own cyber-resiliency standards, develop secure deployment patterns, and improve detection/response capabilities.
- Conduct security reviews and threat modeling for new services, strengthening Identity & Access Management (IAM).
- Champion a strong security culture by partnering with DevOps and Engineering teams and defining key security performance indicators (KPIs).
Requirements
- 5+ years of experience across DevSecOps, security engineering, or cloud security in a modern cloud-native environment.
- Strong hands-on experience with CSPs, Kubernetes, Terraform, and container security.
- Deep understanding of secure CI/CD, including IaC security, dependency/SCA, secrets scanning, and policy-as-code.
- Proficiency in a scripting/programming language (Python, Go, or similar) for automation and security tooling.
- Solid background in identity & access security and automating vulnerability management workflows.
- Comfortable participating in on-call rotations and working cross-functionally with DevOps and Engineering teams.
Nice to have
- Experience securing financial, trading, or other highly regulated platforms.
- Knowledge of regulatory frameworks common in fintech (SOC 2, ISO 27001, PCI).
- Experience with supply-chain security (SBOMs, Sigstore, artifact signing) or offensive security engagements.
- Security or cloud certifications (CISSP, OSCP, GIAC, GCP/AWS Security).
Culture & Benefits
- Competitive salary and stock options, alongside health benefits.
- One-time USD $500 for new hire home-office setup and a USD $150 monthly stipend.
- Work in a globally distributed team with members spanning the USA, Canada, Japan, Hungary, Nigeria, Brazil, and the UK.
- Commitment to open-source contributions and fostering a vibrant community.
- Emphasis on core values: Stay Curious, Have Empathy, and Be Accountable.
Be careful: if an employer asks you to log in to their system using iCloud/Google, send a code or password, or run code or software, do not do it; these are scammers. Be sure to click "Report" or write to support. More details in the guide →