DevSecOps Engineer

We are a rapidly growing US-based space startup revolutionizing satellite imaging using advanced in-orbit capabilities. Specifically our expertise lies in leveraging in-space assets for Space Domain Awareness (SDA) and Non-Earth Imaging (NEI). As an international company we navigate a unique landscape while delivering critical services to our clients. Having recently secured several significant contracts we are expanding our team to meet the exciting demands of our growth.

To support this next phase were building a high-performing interdisciplinary team capable of pushing the boundaries of space technology. Were looking for talented passionate people who value collaboration growth and learning to join us.

HEO is a post-Series A company backed by high-profile venture funds including Airtree Y Combinator and In-Q-Tel. We are headquartered in Sydney Australia with offices in London UK and Washington D.C. USA.

Role Overview

As HEO USAs first dedicated Security & DevOps Engineer you will be the technical architect and lead for our domestic cloud infrastructure. You will lead the critical mission of migrating securing and managing sensitive HEO data to our US-based AWS environment.

This role requires a hands-on expert who can build automated CI/CD pipelines while simultaneously architecting a CMMC (Cybersecurity Maturity Model Certification) compliant program from the ground up to support our US government and defense-related contracts.

Key Responsibilities

1. Cloud Migration & Infrastructure (AWS)

• Data Migration: Design and execute the secure transfer of data and services from international AWS regions to US-based regions (e.g. US-East-1 or AWS GovCloud).
• Infrastructure as Code (IaC): Build and maintain the US cloud footprint using Terraform or CloudFormation to ensure repeatable documented environments.
• Architecture: Optimize the AWS stack for performance cost and high availability ensuring it meets the specific operational needs of the US subsidiary.

2. DevSecOps & Automation

• CI/CD Pipeline Security: Integrate automated security scanning (SAST/DAST) and dependency checking into the deployment pipeline.
• Container Security: Manage and secure containerized workloads (Docker/K8s) ensuring image scanning and runtime protection.
• Monitoring & Logging: Implement comprehensive observability using tools like AWS CloudWatch CloudTrail or ELK Stack to ensure real-time threat detection.

3. Cybersecurity & CMMC Compliance

• CMMC Program Development: Architect and implement the technical and administrative controls required for CMMC Level 2 (or higher) compliance.
• Identity & Access Management (IAM): Enforce the Principle of Least Privilege (PoLP) and Zero Trust architecture across all US systems.
• Vulnerability Management: Lead regular patching cycles vulnerability scans and coordination of third-party penetration testing.
• Documentation: Maintain the System Security Plan (SSP) and Plan of Action and Milestones (POA&M) required for federal audits.

Required Qualifications & Skills

• Experience: 4 years in DevOps Site Reliability or Security Engineering roles with a heavy focus on AWS supporting federal and public sector programs (preferably DoD and Intelligence Community)
• AWS Mastery: Deep technical proficiency with VPC IAM S3 EC2 RDS and AWS Security Hub. Experience with AWS GovCloud is a significant plus.
• Compliance Expertise: Proven track record of building and maintaining environments compliant with CMMC (Level 2) NIST 800-171 or FedRAMP.
• Automation Tools: Expertise in Infrastructure as Code (Terraform Ansible or CloudFormation) and CI/CD tools (GitHub Actions GitLab CI or Jenkins).
• Security Tooling: Hands-on experience with SIEM EDR and vulnerability scanners (e.g. Nessus Qualys or Snyk).

Preferred Certifications

• AWS Certified Solutions Architect Associate or Professional
• AWS Certified Security Specialty
• CISSP (Certified Information Systems Security Professional)
• CMMC Certified Professional (CCP)

Rewards & Benefits

We understand that a competitive offer extends beyond base salary. As a rapidly growing startup were committed to building a highly motivated team and believe in sharing our success. We offer a comprehensive total rewards package designed to attract and retain top talent:

• Competitive Base Salary: We offer a strong base salary commensurate with your experience and the significant impact youll have on our growth.
• Employee Stock Option Plan (ESOP): As an early-stage employee youll receive a meaningful grant of employee stock options. This provides you with an ownership stake in our company and the opportunity to share directly in our future success. We believe in aligning your contributions with our collective growth offering substantial upside potential as we achieve our ambitious milestones.
• Company-sponsored 401(k): Matching contributions vested immediately.
• Comprehensive Healthcare: Your well-being is a priority. We provide a robust employer-sponsored healthcare plan to ensure you and your family have access to quality medical care.
• Generous Paid Time Off: We value work-life balance and offer annual Paid Time Off (PTO) plus additional dedicated sick days.
• Paid Federal Holidays: Enjoy all federal holidays throughout the year allowing you to recharge and spend time with loved ones.

What We Value:

Youll love being on our team if you are someone who:

• Thrives in an ambiguous semi-structured and dynamic environment.
• Upholds the highest level of integrity.
• Is proactive and takes initiative.
• Isnt afraid to pitch in where the team needs you most.
• Can be depended on to do what they say and uphold their end of the teamwork.
• Is innovative agile and flexible.
• Fully believe if youre not having fun doing what you do you are in the wrong place.

HEO USA is an Equal Opportunity Employer (EOE).

We are committed to providing equal employment opportunities to all qualified applicants and employees without regard to race color religion sex (including pregnancy childbirth or related medical conditions sex stereotyping transgender status and gender identity) national origin age (40 or older) marital status sexual orientation disability genetic information military or veteran status or any other characteristic protected by federal state or local law.

As a federal contractor we are committed to affirmative action for protected veterans and individuals with disabilities. We strive to create a diverse and inclusive workforce where all employees feel valued respected and have the opportunity to contribute to their fullest potential.

We provide reasonable accommodations to qualified individuals with disabilities and for religious beliefs practices or observances unless doing so would cause undue hardship. If you require an accommodation to participate in the application or interview process please reach out.