We are seeking a talented Senior DevSecOps Engineer / Security Architect to act as the primary security owner and focal point for the Velocity R&D organization. The ideal candidate will possess a background in IT and security platforms, strong coding skills, the ability to independently learn new technologies, an unwavering commitment to quality, a collaborative work ethic, and a profound passion for securing complex infrastructures.
Main Responsibilities:
Security Strategy & Architecture
Own and continuously improve Velocitys overall security posture, including risk assessment, prioritization, and long-term planning.
Design and guide secure architectures for new and existing systems and features, aligned with best practices and compliance requirements.
Lead threat modeling efforts and drive proactive validation against emerging attack techniques.
Evaluate, introduce, and develop security solutions tailored to Velocitys environment.
Design and implement security controls for emerging technologies, including agentic AI systems, addressing risks such as misuse, data leakage, and adversarial manipulation.
Security Engineering & DevSecOps
Embed security across the development lifecycle, including CI/CD pipelines, infrastructure, and application layers.
Enhance logging, auditing, and detection capabilities, and design detection strategies tailored to the platform.
Own and optimize security tooling, ensuring strong integration, visibility, and coverage across systems.
Incident Response & Operations
Investigate and respond to security incidents and alerts, leveraging deep system understanding.
Perform root cause analysis and drive improvements to prevent recurrence.
Collaboration & Enablement
Partner closely with R&D, IT, Product, and the CISO to ensure secure design and day-to-day operations.
Support compliance initiatives (e.g., SOC 2) and security reviews with internal and external stakeholders.
Assist in customer-facing security processes, including questionnaires and evaluations.
Promote security awareness and provide guidance across the organization.
Requirements: 5+ years of experience in DevSecOps, Security Engineering, or related roles within complex production environments.
Experience working in a cybersecurity company or security-focused organization.
Strong hands-on experience with cloud platforms, with a focus on AWS.
Solid experience working with Kubernetes, Docker, and Linux-based systems.
Proven experience integrating security into SaaS development lifecycles (SDLC) and working with monitoring and observability tools.
Experience with Infrastructure as Code (IaC) tools such as Terraform, Pulumi, or similar.
Proficiency in scripting and automation using languages such as Python and/or Bash.
Familiarity with security and IT platforms, including logging, monitoring, and detection systems.
Strong understanding of security principles, threat modeling, and frameworks (e.g., NIST-CSF, CIS, SOC2, MITRE ATT&CK).
Ability to operate independently, take ownership, and drive initiatives end-to-end.
Excellent communication skills, including the ability to operate effectively during high-pressure incidents in a global environment.
Advantages:
Hands-on experience with databases and data platforms such as PostgreSQL, Snowflake, Elasticsearch, or Redis.
Background in DevOps / Platform Engineering roles.
Experience in consulting or customer-facing environments.
This position is open to all candidates.