DevSecOps Engineer

Responsibilities

• Own the SSDLC end to end, including secure coding standards, threat modeling, security gates, policy-as-code, and documentation suitable for audits, in partnership with the Software Architect in an advisory capacity.
• Drive vulnerability identification, triage, and remediation across Python, Go, and TypeScript/React codebases, partnering directly with engineers to prioritize and fix issues effectively.
• Design, harden, and optimize CI/CD pipelines using tools such as GitHub Actions, GitLab CI, Jenkins, or similar systems, ensuring security controls are integrated cleanly into developer workflows.
• Integrate and operate security tooling across the software delivery lifecycle, including SAST, DAST, SCA, secret scanning, container scanning, and dependency analysis.
• Implement secure software supply chain practices such as signed artifacts, SBOM generation, provenance controls, and related guardrails for build and release processes.
• Manage secrets, credentials, and signing keys used by build and deployment pipelines, applying least-privilege access, rotation, and secure storage practices.
• Partner with engineering teams to review code, assess risk, and recommend practical remediation approaches that improve security without unnecessarily slowing delivery.
• Support security incident response and post-incident follow-up for application and platform issues, helping identify root causes and drive durable fixes.
• Contribute to audit readiness and evidence collection for frameworks such as ISO 27001, SOC 2, PCI DSS, or FedRAMP, especially where CI/CD controls and engineering practices are in scope.
• Mentor engineers on secure development practices and help establish a culture where security is built into design, implementation, and release processes from the start.

Requirements

• Experience in a DevSecOps, application security, or product security role, including designing and operating a Secure Software Development Lifecycle (SSDLC).
• Hands-on experience with CI/CD systems such as GitHub Actions, GitLab CI, Jenkins, or similar, including pipeline design, optimization, and hardening.
• Strong knowledge of application security tooling including SAST, DAST, SCA, and container scanning, along with a practical understanding of the OWASP Top 10.
• Ability to read and review code in at least one of Python, Go, or TypeScript and to work directly with developers on remediation.
• Experience with Docker and Kubernetes, secrets management systems such as Vault, and authentication patterns such as OAuth2 and OpenID Connect.
• Strong communication and collaboration skills, with the ability to influence engineering teams and drive secure practices without direct authority.
• Security certifications such as CSSLP, OSCP, GWAPT, CISSP, or equivalent.
• Experience with software supply chain security practices and tooling, including SLSA, Sigstore/cosign, and SBOM generation or validation.
• Familiarity with OpenStack, Ceph, or other large-scale open-source infrastructure platforms.
• Experience supporting audits or compliance initiatives such as ISO 27001, SOC 2, PCI DSS, or FedRAMP, including evidence collection tied to CI/CD and engineering controls.
• Experience with threat modeling methodologies such as STRIDE or PASTA, and with IaC security scanning across Terraform, Ansible, and Kubernetes manifests.
• Familiarity with multi-tenant SaaS or public cloud environments, and experience operating Rocky Linux or Ubuntu in produ

Benefits

Additional Information

Rumble is the Freedom-First technology platform. We proudly offer a video platform, cloud services, advertising solutions, and a non-custodial cryptocurrency wallet. Rumble Cloud is seeking a DevSecOps Engineer to embed security throughout the software development lifecycle for our cloud platform and customer-facing services. This is a hands-on engineering role that owns our Secure Software Development Lifecycle (SSDLC) end to end: you'll design it, operate it, partner with engineering teams to remediate vulnerabilities, and continuously harden the CI/CD pipelines that ship Rumble Cloud to production. Our platform is built on OpenStack and Ceph, and this role sits at the intersection of application security, platform engineering, and developer enablement. You should be comfortable reviewing pipeline configurations, triaging SAST, DAST, SCA, and container scanning findings with developers, and driving practical security improvements across Python, Go, and TypeScript codebases without becoming a bottleneck to delivery. You'll work closely with application, platform, and infrastructure teams, with architectural guidance from our Software Architect, to make security a core part of how we build and ship software. That includes defining secure coding standards, integrating automated security tooling into CI/CD, improving software supply chain integrity, supporting audit readiness, and helping engineers make sound, scalable security decisions in a fast-moving cloud environment.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at rumble? Share your experience