102526 – Sr. DevSecOps Engineer

Summary

Clearco is hiring a Senior DevSecOps Engineer to strengthen cloud security, platform reliability, and incident response across our systems. This hands-on role sits at the intersection of infrastructure, security, and reliability, and focuses on making security a practical, repeatable part of how we build and operate services.

You will work closely with Product Engineering, Data Science, and IT to implement secure-by-default guardrails, improve detection and telemetry, and drive vulnerability and supply-chain risk reduction across our GCP environment and CI/CD pipelines. This is an opportunity to shape security posture and practices at scale while delivering measurable impact.

Responsibilities

  • Own platform security and reliability improvements across our GCP environment.
  • Harden identity and network controls in GCP, including IAM patterns, service accounts/workload identity, organization policies, and network segmentation.
  • Build security into CI/CD by implementing and enforcing SAST, SCA, secret detection, and container/image scanning.
  • Drive vulnerability management and reduce software supply chain risk across services, dependencies, container images, and build pipelines.
  • Lead threat modeling and security design reviews for new features and significant architecture changes.
  • Improve security observability by tuning telemetry, reducing alert noise, and building high-signal detections and dashboards.
  • Lead investigations and coordinate incident response for security alerts and incidents, and drive post-incident improvements.
  • Champion secure SDLC practices through standards, documentation, guardrails, and coaching for product engineering teams.
  • Define and maintain end-user device security standards, including requirements for EDR and remote access tooling, and partner with stakeholders for execution.
  • Support compliance and audit readiness by conducting internal security reviews and helping align practices with SOC 2, GDPR, and NIST frameworks.

Requirements

  • 5+ years of experience across cloud infrastructure and security (DevSecOps, platform security, security engineering, or SRE with a strong security focus).
  • Deep hands-on experience with Google Cloud Platform (GCP); AWS experience is acceptable as an alternative.
  • Strong hands-on experience with Kubernetes and service networking.
  • Proven Infrastructure-as-Code skills (for example Terraform) and ability to build reusable automation.
  • Practical experience integrating security into CI/CD workflows (implementing and enforcing scanners and policy controls).
  • Experience driving vulnerability management and addressing software supply chain risk.
  • Experience leading incident response: investigation, coordination, post-incident follow-through, and continuous improvement.
  • Strong fundamentals in cloud networking and identity controls (IAM, service accounts, workload identity).
  • Comfortable partnering cross-functionally and driving work end-to-end in ambiguous areas.
  • Hands-on experience with container tooling and build pipelines (Docker, Jenkins).

Nice to Have

  • Experience with Istio.
  • Familiarity with application security scanning tools such as Semgrep, Veracode, or GitHub Advanced Security.
  • Familiarity with CrowdStrike (EDR) and Splunk (SIEM).
  • Experience supporting compliance and audit readiness for SOC 2, GDPR, or NIST, including evidence support.
