jobloom

JobLoom finds jobs directly from company career sites before many job boards, then routes you into detailed role pages like this one.

security

Posted Yesterday

DevSecOps Engineer

at TrueML

Remote
JavaScriptPythonAWSDockerKubernetesTerraformAzurecloudformationcustomer-supportexcel

Responsibilities

  • Define and maintain security policies for our AWS environment, specifically focusing on containerized workloads (EKS/ECS) and serverless architectures (Lambda).
  • Automate Compliance: Move beyond manual checks by building real-time monitoring and automated remediation for AWS resources, ensuring we stay "audit-ready" for frameworks like PCI and ISO 27001.
  • Lead Threat Modeling: Perform deep-dive threat modeling exercises on applications and designs, turning theoretical risks into actionable engineering plans.
  • Guard the Infrastructure: Secure our Infrastructure as Code (IaC) templates (Terraform/CloudFormation) and manage cloud primitives like IAM, KMS, and WAF to ensure a "least privilege" environment. What you bring

Requirements

  • TrueML is a mission-driven financial software company that aims to create better customer experiences for distressed borrowers.
  • TrueML’s approach uses machine learning to engage each customer digitally and adjust strategies in real time in response to their interactions.
  • The TrueML team includes inspired data scientists, financial services industry experts and customer
  • Security Automation & CI/CD Integration (Core Focus)
  • (GitHub Actions, Jenkins, GitLab CI, Azure DevOps)
  • Cloud Security (AWS Focus)
  • • Secure cloud-native architectures across AWS (IAM, VPC, ECS/EKS, Lambda, S3, API Gateway)
  • Innovate with AI: Stay at the forefront of the industry by developing security standards for Generative AI.
  • You’ll leverage AI-powered tools to explore our attack surface while defending against AI-driven threats.
  • A Cloud Specialist: You have demonstrable expertise in the AWS ecosystem and are highly proficient in securing Infrastructure as Code (Terraform) and containerized environments.
  • Certified and Credentialed: You hold top-tier industry certifications (such as CISSP, SANS GIAC, or CASP ) and have a firm grasp of compliance frameworks like PCI and ISO 27001 .
  • Technically Versatile: You are familiar with OWASP , proficient with modern security tooling, and have the ability to secure complex API integrations and data protection layers.
  • AI-Aware: You understand the evolving landscape of AI regulations and have the technical curiosity to investigate how threat actors use AI to bypass traditional controls.
  • • Deep expertise in CI/CD pipelines (GitHub Actions, Jenkins)
  • • Strong hands-on experience with AWS cloud security
  • • Proficiency in application security tooling and integration •
  • Experience with container security (Docker, Kubernetes)
  • • Strong scripting/programming skills (Python, JavaScript)
  • • Understanding of modern DevSecOps and shift-left security practices
  • The ability to protect confidential company, employee, customer, and business information while working outside of a company office is also required.
  • This is a beta feature to avoid spam applicants.

Experience

  • An Experienced Defender: You bring 7-10 years in software engineering, DevOps, or cloud engineering. 3+ years in a DevSecOps focused role and a deep mastery of cloud security, vulnerability analysis, and incident response.

Benefits

  • \n $122,090 - $160,000 a month For U.S.-based hires, the overall base salary framework for this role currently spans $122,090- $160,000 .
  • The applicable base salary range for any individual hire depends on the geographic labor market associated with the employee’s primary work location along with other factors such as relevant skills, experience, and qualifications.
  • We encourage you to speak to your recruiter to learn more about our compensation philosophy as well as discuss our benefits, total rewards, and opportunities for growth. \n
  • What We Offer (Perks & Benefits) • Flexible vacation •
  • Medical/dental/vision insurance •
  • Traditional/Roth retirement savings options •
  • Company-paid disability and life insurance •
  • Family-friendly parental leave, volunteer and voting time off •
  • PerkSpot discount program for 900+ merchants nationwide
  • We are an equal opportunity employer.

Additional details

  • Consumers today want personal, digital-first experiences that align with their lifestyles, especially when it comes to managing finances.
  • experience fanatics building technology to serve people in a way that recognizes their unique needs and preferences as human beings and endeavoring toward ensuring nobody gets locked out of the financial system. \n What you will do Position Summary
  • development lifecycle (SDLC). This role sits at the intersection of engineering, cloud infrastructure, and
  • application security, driving automation, scalability, and secure-by-default development practices.
  • You will design and implement security-first CI/CD pipelines, embed automated security testing, and
  • partner with engineering teams to ensure applications are built, deployed, and operated securely—at scale Key Responsibilities
  • • Embed security controls and scanners (SAST, SCA, DAST, IaC, Container Security) into CI/CD pipelines
  • • Implement security gates, policy enforcement, and compliance checks within pipelines
  • • Integrate and operationalize CNAPP/CSPM tools (e.g., Wiz, Prisma Cloud)
  • • Enforce least privilege access, secrets management, and runtime protections Own Cloud Security:

Find more real-time jobs on JobLoom.