Security Lead (DevOps/SRE)

PetroApp


Job Location:

Cairo - Egypt

Monthly Salary: Not Disclosed
Posted on: 20 hours ago
Vacancies: 1 Vacancy

Job Summary

Description

About PetroApp

PetroApp is building a modern technology platform, helping customers and partners move faster with confident, reliable systems. As we scale our engineering organization, we're investing in both world-class reliability and pragmatic, high-impact security.

The Role

We're hiring a Security Lead with a strong DevOps/SRE background to build and lead our security practice while remaining hands-on across cloud infrastructure, CI/CD, and production reliability.

You'll own the security strategy across the SDLC and production environment, embed security into developer workflows, lead vulnerability management and penetration testing with external vendors, and work closely with our Platform/DevOps/SRE team to ensure PetroApp's systems are both secure and reliable.

What You'll Do

Security Leadership & Strategy

  • Own the overall security roadmap and strategy for PetroApp, aligning it with business and product priorities.
  • Act as the primary security point of contact for engineering and leadership.
  • Define, document, and maintain security policies, standards, and guidelines for engineering teams.
  • Lead risk assessments, threat modeling, and security design reviews for major initiatives.
  • Define and track key security KPIs and report status, risks, and progress to leadership.

DevSecOps & SDLC Security

  • Embed security into the SDLC by integrating SAST, DAST, dependency and container scanning, and IaC scanning into CI/CD pipelines.
  • Establish secure coding practices and patterns; provide guidance and reviews for high-risk changes.
  • Set up and maintain secrets management and secrets detection across repos and environments.
  • Drive vulnerability management: triage findings, prioritize remediation, track SLAs, and verify fixes.
  • Partner with engineers to ensure security controls are automated and developer-friendly.

Cloud & Platform Security (with SRE Mindset)

  • Own and continuously improve the cloud and platform security posture (IAM, networking, encryption, key management, hardening).
  • Design and enforce least privilege access models and secure-by-default infrastructure baselines.
  • Ensure security is built into core platform components such as Kubernetes, service-to-service communication, and data stores.
  • Collaborate with SRE/DevOps on secure, resilient architectures covering scalability, failover, and disaster recovery.

Reliability & Incident Collaboration

  • Collaborate with SRE/DevOps to maintain high availability and reliability of production systems.
  • Contribute to observability and monitoring with a security lens: actionable alerts, meaningful logging, and traceability.
  • Participate in incident response for security-related events, including root cause analysis and long-term fixes.
  • Help improve on-call and incident processes where security and reliability intersect.

External Security Engagements & Enablement

  • Own relationships with external security vendors, including penetration testing and security assessments.
  • Scope, coordinate, and manage penetration tests; track findings through to remediation and retesting.
  • Coordinate security-related input for audits, certifications, and customer security questionnaires as needed.
  • Run security awareness and training initiatives tailored to engineers and operational teams.



Requirements

What We're Looking For (Must-Have)

  • 5 years of experience across DevOps/SRE/Platform Engineering and application/infrastructure security, with at least 2-3 years as a primary security owner or lead.
  • Proven experience leading or owning security in a cloud-native, product-focused company.
  • Strong DevOps/SRE background: operating production workloads, on-call experience, CI/CD ownership, automation, and infrastructure-as-code.
  • Deep understanding of cloud security fundamentals (AWS/GCP): IAM, networking, encryption, logging, monitoring.
  • Hands-on experience integrating security tooling into CI/CD pipelines (SAST, DAST, dependency scanning, container/IaC scanning).
  • Solid Linux and networking fundamentals; comfortable debugging complex production and security issues.
  • Experience with containers and orchestration (Docker/Kubernetes) and securing them in production.
  • Practical knowledge of OWASP Top 10, common attack vectors, and secure coding principles.
  • Experience managing penetration tests and/or security assessments, including scoping, coordination, and remediation follow-up.
  • Excellent communication and stakeholder management skills; able to influence and drive change without blocking delivery.

Nice to Have

  • Experience building or operating within security frameworks/compliance programs (e.g. ISO 27001, SOC 2, PCI) relevant to PetroApp's domain.
  • Exposure to WAF, API security, service mesh security, and zero trust patterns.
  • Experience with SIEM/SOAR, security analytics, and detection engineering concepts.
  • Hands-on involvement in bug bounty programs or coordinated vulnerability disclosure processes.
  • Coding ability in at least one backend language (e.g. Python, Go, Java) to build security tooling and automation.
  • Experience mentoring or managing engineers with a focus on security and platform engineering.


Benefits

  • You will own and shape the security function in a high-impact, hands-on lead role.
  • You'll work at the intersection of security, reliability, and platform engineering, directly influencing how PetroApp scales.
  • Opportunity to work with a modern tech stack and a team that values pragmatism, automation, and continuous improvement.
  • A culture that cares about doing the right thing for customers and partners, with leadership support for investing in security and reliability.

Key Skills

  • Administrative Skills
  • Facilities Management
  • Biotechnology
  • Creative Production
  • Design And Estimation
  • Architecture

About Company


"PetroApp is a global SaaS company grown in Saudi Arabia since 2018 and expanded into Egypt, Thailand, and Nigeria. We provide a software system that automates your fleet management, saves your resources, and helps with waste control, applying high-level standards of internal control ...
