Senior DevSecOps Engineer

Requirements

• Bachelor's Degree or Diploma in Cybersecurity, Computer Science, Information Technology, or related discipline.
• 10+ years of experience in DevSecOps / Cloud Engineering delivering and securing production AWS and Azure environments, including cloud security architecture and operations.
• At least 3 years hands-on experience operating enterprise-scale platforms (systems engineering/administration), including reliability engineering, monitoring/telemetry, and incident response.
• Advanced IaC expertise with Terraform (plus CloudFormation/Bicep preferred), building standardized, governed cloud foundations (landing zones, guardrails, automation).
• Proven experience building and securing CI/CD automation using GitLab and/or Azure DevOps, including automated security testing and supply-chain controls (SBOMs, artifact signing, provenance).
• Strong Kubernetes security experience with AKS/EKS, including policy enforcement an

Benefits

Additional Information

Senior DevSecOps Engineer Dalio Family Office Dalio Family Office Overview: The Dalio Family Office (DFO) supports Barbara and Ray Dalio and their family in their ventures, investments, and philanthropic efforts under Dalio Philanthropies, which includes OceanX, Dalio Education, Endless Network, and the Beijing Dalio Foundation. The core of the DFO's culture is built around meaningful work and meaningful relationships and the family's commitment to giving back. The office is headquartered in Westport, CT with regional offices in New York City, Singapore, and Abu Dhabi. This is a hybrid position reporting primarily out of our New York City office location. Position Summary: Reporting to the Cybersecurity Lead, the Senior DevSecOps Engineer will design, deploy, and secure scalable AWS + Azure environments with a strong focus on Infrastructure as Code (IaC). The purpose of this role is to build secure cloud-native infrastructure from the ground up, operationalize AWS/Azure services, and automate the reliability and security of mission-critical systems. You will embed security-by-design across the SDLC by implementing secure CI/CD pipelines with automated testing, policy controls, and supply-chain protections (SBOMs, signed artifacts, provenance), while centralizing security telemetry into Microsoft Defender for Cloud for unified posture management, threat detection, and compliance. The role also secures cloud infrastructure, data, and key management using AWS KMS and Azure Key Vault, hardens AKS/EKS with policy-as-code (OPA/Gatekeeper) and runtime protections, and extends these controls to AI/LLM development and inference platforms including AWS Bedrock, AI Foundry, and vLLM. Day-to-day responsibilities would include a combination of the following: Embed security-by-design across the SDLC with automated controls and measurable security outcomes. Deliver a secure, compliant AWS/Azure cloud foundation with strong data protection and key management. Harden container and Kubernetes platforms with consistent policy enforcement and runtime protection. Build and maintain secure CI/CD pipelines with SAST/SCA, IaC + container scanning, secret detection, and policy gates, including threat modelling and secure design practices. Enforce software supply-chain security (SBOMs, signed images, provenance verification) and route pipeline/code telemetry into Microsoft Defender for Cloud. Secure AWS/Azure workloads across identity, network, compute, and storage; implement encryption, classification, retention, DLP, and safe logging. Operate AWS KMS / Azure Key Vault (rotation, auditing, envelope encryption) and use Defender for Cloud for CSPM/CWPP, threat detection, and compliance. Harden AKS/EKS using pod security, OPA/Gatekeeper, network policies, secrets management, and runtime protections; govern artifacts via JFrog Artifactory (trust, allow/deny, immutability) and integrate Kubernetes signals into Defender for Cloud. Additional duties as assigned. The ideal candidate will possess the following knowledge, skills, attributes, and values: Security minded with the utmost regard for confidentiality and discretion. Collaborative and helpful by nature. Strong sense of ownership in one's work. Excellent communication and synthesis skills. Demonstrated track record supporting mission-critical workloads end-to-end: secure deployments, hardening, centralized logging/telemetry, compliance, and continuous optimization. Familiarity with cloud governance and security tooling including Microsoft Defender for Cloud, AWS SCPs/RCPs, Azure Policy, and OPA/Gatekeeper. Illustrative Benefits: 100% company paid medical premiums 17 company paid holidays Friday summer hours Monthly community happy hours Hybrid work environment Free catered food services for in-office days Generous PTO offering Casual dress code 150% 401(k) match up to $7,500 and 100% match above $7,500 ($15k match limit) Gym reimbursement, back up childcare services, insurance, financial, and legal services, and much more!

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at dforeferrals? Share your experience