Senior DevSecOps Engineer

About the role

We're a startup with big ambitions: to make estate planning modern, visual, and intelligent. Vanilla is the first AI-powered estate advisory platform, built by advisors, planners, and attorneys to transform how wealth is transferred across generations. Our technology unifies scenario modeling, client visualization, and document creation into one seamless, digital experience. Our team brings together diverse subject matter expertise across estate planning, wealth management, and scaling SaaS startups. We're distributed across the U.S., with a mix of fully remote and hybrid roles, and we embrace flexibility while staying closely connected. At Vanilla, you'll join curious builders and problem-solvers who thrive on speed, autonomy, and impact. Here, you won't just join a company, you'll help create it. If you're excited to tackle hard problems, move quickly, and see your work shape both an industry and a growing startup, we'd love to meet you. Working Location This role is a remote position, you must be based out of one of the following states: Arizona, California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Kentucky, Maine, Massachusetts, Minnesota, New Jersey, New York, Ohio, Pennsylvania, Texas, Utah or Washington. Job Summary We're looking for a Senior DevSecOps Engineer to own and operate our security tooling, manage key vendor relationships, and drive our application and cloud security programs forward. This is a hands-on, high-ownership role: you'll be the day-to-day operator of our security stack, the point person for our vCISO engagement, and the engineer building the processes that keep Vanilla's platform and infrastructure secure. You'll also own the operational cadence of our security program: managing vendor-led pen tests, running tabletop exercises, maintaining our incident response playbook, and building a multi-quarter security roadmap. This role is ideal for a strong DevOps or infrastructure engineer who is security-minded, eager to own a security program, and comfortable operating in a fast-moving Series B environment. You'll report to the Director of Engineering and collaborate closely with our vCISO (Latacora) and external partners.

Responsibilities

• Cloud & Infrastructure Security
• Secure AWS infrastructure, systems, and networking
• Review infrastructure-as-code (Terraform) changes for security implications
• Support secrets management, IAM policy reviews, and encryption standards
• Triage and respond to cross-team IT requests that carry security implications
• Security Operations & Tooling
• Operate and tune security tooling including SentinelOne (EDR), Sublime (email security), Panther (SIEM), and Cloudflare
• Monitor and triage security alerts across dedicated channels
• Serve as the primary responder for cross-team security requests
• Vendor & Program Management
• Manage the vCISO relationship, including coordinating on cloud security posture, endpoint coverage, and SOC 24x7 operations
• Own the annual penetration test lifecycle: vendor selection, scoping, coordination, remediation tracking, and reporting
• Scope and coordinate AI red team engagements
• Run tabletop exercises and maintain the incident response playbook
• Build and maintain a multi-quarter security roadmap in partnership with engineering leadership
• Application Security
• Own and evolve pre-deploy security gates across CI/CD pipelines
• Run vulnerability management for libraries and application code: scanning, prioritization, and remediation workflows
• Conduct threat modeling for new features, integrations, and architecture changes
• Champion secure coding practices across engineering teams
• AI Security
• Scope and coordinate AI red team exercises against Vanilla's AI-powered features
• Assess security of AI/ML pipelines, inference endpoints, and third-party AI vendor integrations
• Implement and maintain guardrails for AI outputs, including controls against prompt injection and data exfiltration
• Establish data governance practices for sensitive training data (PII/PHI in estate and financial documents)
• What This Role Is Not
• This role is focused on infrastructure and security engineering, not compliance or customer trust. SOC 2, security questionnaires, and audit documentation sit elsewhere in the org.
• Required Qualifications

Requirements

• Hands-on AWS experience: infrastructure, networking, and cloud security posture
• Experience with infrastructure-as-code (Terraform or CloudFormation)Strong understanding of IAM, network security, encryption, and secrets management
• Hands-on vulnerability management experience: scanning, triage, remediation workflows
• Experience with threat modeling, secure code review, and CI/CD security gating.
• Strong scripting and automation skills (Python, Bash, or similar)
• Experience operating security tooling: EDR, SIEM, email security, WAF, or similar
• Familiarity with SentinelOne, Sublime, Panther, or Cloudflare specifically
• Prior incident response or tabletop exercise facilitati

Benefits

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at vanilla? Share your experience