DevOps Engineer - Security / PCI and Compliance (Edtech)

TL;DR

DevOps Engineer (Security/PCI): Building and securing production infrastructure and deployment pipelines with an accent on PCI DSS compliance and AI-driven automation. Focus on designing scalable cloud systems, implementing technical security controls, and automating audit evidence collection using agentic AI.

Location: Fully Remote

Company

Edtech company dedicated to helping K–12 school districts communicate, engage, and connect with their communities.

What you will do

• Own and improve cloud infrastructure on AWS and Azure, specifically protecting the cardholder data environment (CDE).
• Build and optimize CI/CD pipelines and Infrastructure-as-Code using Terraform and CloudFormation.
• Lead the PCI DSS compliance program, managing technical controls, evidence gathering, and coordinating with QSAs for audits.
• Implement network segmentation, encryption, and vulnerability scanning to maintain secure configuration baselines.
• Develop agentic AI workflows to automate PCI DSS readiness, evidence collection, and audit-prep tasks.
• Establish observability through monitoring, logging, alerting, and incident response runbooks.

Requirements

• 5+ years of DevOps, SRE, or cloud infrastructure experience in a SaaS or cloud-first environment.
• Direct experience owning technical controls and preparing evidence for successful PCI DSS audits.
• Hands-on expertise with AWS or Azure (VPC, IAM, KMS) and container orchestration (Docker, Kubernetes).
• Practical experience building agentic AI workflows using LLM APIs or agent frameworks to replace manual work.
• Proficiency in scripting with Python, Bash, Go, or PowerShell.
• Excellent written communication skills for documenting technical decisions and reporting to leadership.

Nice to have

• Experience in edtech or environments governed by FERPA, COPPA, or state privacy laws.
• Familiarity with SOC 2, ISO 27001, NIST CSF, or HIPAA frameworks.
• Security certifications such as CISSP, CISA, Security+, or CKS.
• Experience with compliance automation platforms like Vanta, Drata, or Secureframe.
• Experience with agent frameworks like LangChain or Anthropic deployed in regulated environments.

Culture & Benefits

• Remote-first team that values collaboration, craft, and the mission of supporting public education.
• Environment focused on automating toil to allow engineering teams to move faster.
• Opportunity to act as a trusted advisor to leadership on technology investments and compliance posture.