Engenheiro DevSecOps

TrueML
📍 🌍 Remoto Tempo integral Qualquer nível 3 semanas atrás

Descrição da vaga

<p>
</p><h3><strong>Why TrueML?</strong></h3>
<p>TrueML is a mission-driven financial software company that aims to create better customer experiences for distressed borrowers. Consumers today want personal, digital-first experiences that align with their lifestyles, especially when it comes to managing finances. TrueML’s approach uses machine learning to engage each customer digitally and adjust strategies in real time in response to their interactions.&nbsp;</p>
<p>The TrueML team includes inspired data scientists, financial services industry experts and customer experience fanatics building technology to serve people in a way that recognizes their unique needs and preferences as human beings and endeavoring toward ensuring nobody gets locked out of the financial system.</p>
<p></p>\n<p></p><p><br></p><b>What you will do</b><div>
<p><strong>Position Summary</strong></p>
<p>We are seeking a Sr. Security Engineer to lead the integration of security across the software</p>
<p>development lifecycle (SDLC). This role sits at the intersection of engineering, cloud infrastructure, and</p>
<p>application security, driving automation, scalability, and secure-by-default development practices.</p>
<p>You will design and implement security-first CI/CD pipelines, embed automated security testing, and</p>
<p>partner with engineering teams to ensure applications are built, deployed, and operated securely—at</p>
<p>scale</p>
<p><strong>Key Responsibilities</strong></p>
<p>Security Automation &amp; CI/CD Integration (Core Focus)</p>
<p>•&nbsp;Embed security controls and scanners (SAST, SCA, DAST, IaC, Container Security) into CI/CD</p>
<p>pipelines</p>
<p>(GitHub Actions, Jenkins, GitLab CI, Azure DevOps)</p>
<p>•&nbsp;Design and maintain automated security workflows across build, test, and deploy stages</p>
<p>• Implement security gates, policy enforcement, and compliance checks within pipelines</p>
<p><strong>Cloud Security (AWS Focus)</strong></p>
<p>•&nbsp;Secure cloud-native architectures across AWS (IAM, VPC, ECS/EKS, Lambda, S3, API Gateway)</p>
<p>•&nbsp;Integrate and operationalize CNAPP/CSPM tools (e.g., Wiz, Prisma Cloud)</p>
<p>• Enforce least privilege access, secrets management, and runtime protections</p>
<div><strong>Own Cloud Security:</strong>&nbsp;</div>
<div>Define and maintain security policies for our AWS environment, specifically focusing on containerized workloads (EKS/ECS) and serverless architectures (Lambda).</div>
<div>&nbsp;</div>
<div><strong>Automate Compliance:</strong>&nbsp;Move beyond manual checks by building real-time monitoring and automated remediation for AWS resources, ensuring we stay "audit-ready" for frameworks like PCI and ISO 27001.</div>
<div>&nbsp;</div>
<div><strong>Lead Threat Modeling:</strong>&nbsp;Perform deep-dive threat modeling exercises on applications and designs, turning theoretical risks into actionable engineering plans.</div>
<div>&nbsp;</div>
<div><strong>Innovate with AI:</strong>&nb
Candidatar-me agora →

Serás encaminhado para o anúncio original em remoteok.

Vagas semelhantes

Ver mais →

Ainda não tens a competência que a vaga pede?

Faz um curso na Academia do Saber e candidata-te com vantagem. Certificado incluído.

Ver cursos →