
Staff DevSecOps Engineer

Trase · Seattle, WA
Full-time · Remote · 2w ago
CI/CD · Cloud Security · DevSecOps · Encryption · GCP · Hugging Face

About the role

Co-founded in 2023 by Joe Laws and Grant Verstandig, Trase Systems is AI, Uncomplicated. Trase empowers enterprise leaders to harness the full potential of AI without the associated complexity and risks. We are an end-to-end solution for deploying, managing, and optimizing AI in the enterprise. Our platform specializes in bridging the "last mile" of AI adoption, unlocking AI's full potential while driving efficiency and significant cost savings. Trase is at the forefront of AI Agent innovation, topping the Hugging Face GAIA Leaderboard for Generalized AI Assistants, ahead of industry giants such as Google, Meta, Microsoft, and OpenAI. We are leveraging our cutting-edge technologies to develop mission-critical agentic applications in complex industries such as Healthcare, Oil & Gas, and National Security.

As the Staff DevSecOps Engineer, you will be the technical owner of how security is built into Trase's software development lifecycle and cloud operations. You will integrate automated security testing, continuous vulnerability management, and secure coding practices directly into our existing CI/CD pipelines, where the cost of catching misconfigurations and vulnerabilities is lowest and the blast radius is smallest. You will own the implementation of Trase's dedicated security architecture, delivering shift-left tooling (SAST, DAST, SCA, secrets scanning, and IaC scanning) alongside production cloud security services and resources, all deployed through infrastructure-as-code. By standardizing and operating these secure pipelines, you will empower Trase's software engineers to focus on high-velocity delivery while ensuring that we maintain the controls and capabilities required by our customers and regulators.

Why This Role Exists

Trase ships mission-critical agentic applications into Healthcare, Oil & Gas, and National Security at the pace of a startup, under the scrutiny of a defense contractor. Our engineering velocity and the speed at which we deploy highly-regulated workloads is one of our core advantages. To preserve that velocity while maintaining customer trust and assurance, we must ensure that security is seamlessly and inextricably linked to delivery - and never bolted on after the fact. This role exists to build upon our foundation and mature the ways in which we've embedded security throughout our pipelines and operations. It is a continued investment in our CI/CD security tooling, production cloud security architecture, detection and response capabilities, and the IaC patterns that make secure-by-default the path of least resistance for every Trase engineer.

Responsibilities

  • Shift-Left Security in CI/CD
      • Design, implement, and operate the shift-left security toolchain across Trase's CI/CD pipelines, which include but are not limited to SAST, DAST, SCA, secrets scanning, container image scanning, and IaC scanning.
      • Define how findings are triaged, routed, and remediated; partner with engineering teams to keep developer experience high and friction low.
      • Establish and enforce policy-as-code and pre-merge security gates calibrated to risk.
  • Cloud Security Architecture
      • Design and deploy Trase's production cloud security architecture, with a primary focus on Google Cloud Platform (GCP) and a clear path to multi-cloud as the business requires.
      • Implement foundational controls including network segmentation, workload identity, secrets management, encryption (in transit and at rest), and least-privilege IAM using both cloud-native services and third-party applications or platforms.
      • Stand up and operate cloud security posture management (CSPM) and cloud workload protection capabilities.
  • Infrastructure-as-Code & Platform Security
      • Build, codify, and maintain the secure-by-default infrastructure modules in Terraform, consumed by every Trase engineer.
      • Embed security controls directly into platform abstractions so that the secure path is the default path.
      • Drive secure baselines for Kubernetes, container runtimes, and serverless workloads.
  • Detection, Monitoring & SIEM
      • Operate and fine-tune Trase's SIEM and security telemetry pipeline, designing log sources, detections, and alerting workflows from the ground up.
      • Define detection-as-code practices and tune detections to balance signal and noise.
      • Build dashboards and reporting that give the security team and leadership real-time visibility into the live posture of the environment.
  • Incident Response
      • Enhance and lead aspects of Trase's technical security incident response capability, including runbooks, on-call rotation design, tabletop exercises, and post-incident reviews.
      • Serve as a senior responder during security events, coordinating across stakeholder groups and the broader enterprise.
  • Vulnerability & Threat Management
      • Operate the end-to-end vulnerability management lifecycle across application, container, and cloud surface area.
      • Facilitate remediation SLAs, partner with engineering to drive them, and repor

Benefits

Health insurance
