Director of DevOps/SecOps
Denver, CO - USA
Job Summary
DIRECTOR OF DEVOPS/SECOPS
ABOUT SERVICECORE
ServiceCore is the leading field service software platform built for the portable sanitation and roll-off industries. We run two SaaS products - ServiceCore for liquid waste operators (portable sanitation & septic) and Docket for solid waste haulers (roll-off dumpster, commercial & residential waste) - serving thousands of operators across North America. Our software helps hardworking business owners save time, stay organized, and get paid faster by streamlining job management, route optimization, inventory tracking, and billing automation. Our customers work hard and so do we, giving them tools to get more done with less stress.
We live by our core values of Love Our Customers, Be Real, Give a Shit, Deliver Results, and of course, Keep it Fun. ServiceCore provides hard-working individuals the opportunity to work and grow within an agile, fast-paced start-up environment. We are proud of our accomplishments and take our jobs seriously while not taking ourselves too seriously. We believe in growing together, celebrating successes, and empowering each team member to make a real impact.
We build big things, help hard-working people, and try to enjoy the journey. If that sounds like your kind of place, read on.
ABOUT THE ROLE
We're looking for a Director of Dev/SecOps to own the security posture and operational foundation across ServiceCore's entire cloud environment. This is a security-first leadership role - you'll be the person who makes sure we build and ship software the right way: securely, reliably, and at speed.
You'll be operating across two distinct cloud platforms: ServiceCore runs on AWS, while Docket runs on GCP with Firebase at its core. That means you're not just securing one stack - you're building a unified security program across two cloud providers, two codebases, and 20 third-party integrations.
We're also an AI-first development organization, and that creates a genuinely new set of responsibilities for this role. We're already using a wide range of AI tools across engineering; you'll be the person who governs that toolchain: helping us evaluate what to adopt, setting the policies that protect our customers' data, and making sure our AI usage doesn't become a security liability as we scale.
This role reports to senior leadership and owns the security roadmap end-to-end. It's a builder role - you'll inherit a solid foundation and have the mandate to make it great.
WHAT YOU'LL DO
AI Tool Governance & Security
- Partner with the AI Council and Engineering Directors to build our AI tool evaluation framework - define the security, privacy, and compliance criteria we use to assess every new AI tool before adoption
- Govern our multi-LLM provider relationships - review data processing agreements, audit data retention policies, and ensure contractual protections for customer data
- Establish and enforce policies around what data can flow through AI services: PII boundaries, source code confidentiality rules, and customer data handling requirements for coding assistants, LLM APIs, and agentic tools
- Secure MCP-connected agents that have access to internal systems - define least-privilege access models, audit trails, and data egress controls
- Define secure patterns for integrating LLM capabilities into our products - prompt injection defenses, output validation, model access controls, and logging/observability for AI-driven features
- Build and maintain an AI tool inventory with risk classifications; lead periodic reviews as the landscape evolves
- Partner with engineering and product to help us get the productivity benefits of AI without creating new risk exposure
Security Leadership
- Own and continuously improve our security posture across AWS and GCP/Firebase
- Lead threat modeling, vulnerability management, and security incident response programs
- Establish and enforce security policies, standards, and controls across the full SDLC
- Champion a security-first engineering culture - make secure the path of least resistance for developers
- Manage relationships with external auditors, penetration testers, and compliance bodies
Compliance & Risk
- Drive and maintain SOC 2 Type II compliance; own evidence collection and audit processes across both platforms
- Manage PCI-DSS considerations across payment processor integrations
- Build and maintain a risk register; proactively surface and prioritize risks to leadership
- Own third-party vendor security reviews across our 20 integration partners - including AI vendors
- Monitor regulatory developments relevant to SaaS, AI, and the industries we serve
DevOps & Platform Engineering
- Secure CI/CD pipelines across both cloud environments - secrets management, dependency scanning, SAST/DAST
- Lead infrastructure-as-code strategy and ensure security guardrails are built in by default
- Own cloud security architecture
- Secure Cloudflare CDN/WAF configuration, DDoS posture, and DNS hygiene
- Drive incident response readiness: runbooks, on-call processes, post-mortems, and SLA accountability
Team & Cross-Functional Leadership
- Hire, develop, and lead a DevSecOps team; build the function on a strong foundation
- Collaborate with engineering leads on architectural decisions that carry security implications
- Report to senior leadership on security metrics, risk posture, compliance status, and AI tool governance
- Serve as the internal expert and educator on security and AI risk topics across the organization
WHAT YOU'LL BRING
- 10 years of experience in DevOps, SecOps, or a combined DevSecOps role
- 3 years in a leadership or management capacity with direct reports
- Deep hands-on experience with AWS security: IAM, VPC, ECS, Lambda, SQS, RDS, DynamoDB, Secrets Manager, CloudWatch, CloudFormation
- Meaningful experience with GCP and/or Firebase: Firestore security rules, Cloud Functions security, GCP IAM, service account management
- Experience owning or significantly contributing to SOC 2 Type II audits
- Strong background in securing CI/CD pipelines and containerized workloads (Docker, ECS, or EKS)
- Demonstrated experience governing third-party integrations and API security at scale
- Working knowledge of SAST, DAST, SCA, dependency scanning, and secrets management tooling
- A real point of view on AI tool security - you understand the risks of coding assistants, LLM APIs, MCP-connected agents, and AI embedded in developer workflows, and you know how to manage them without killing productivity
- Ability to communicate risk and security concepts clearly to non-technical audiences and executives
- Background in SaaS with understanding of multi-tenant security architecture
NICE TO HAVE
- Relevant certifications: CISSP, AWS Security Specialty, Google Professional Cloud Security Engineer, CCSP, or equivalent
- Experience with PCI-DSS compliance in a SaaS context
- Familiarity with Cloudflare security features: WAF, Zero Trust, Workers, DDoS protection
- Experience securing PHP legacy applications alongside modern microservices
- Hands-on experience with vector database security (e.g. Qdrant) or AI/ML pipeline security
- Experience defining data governance policies for AI tools in a software engineering organization
- Background building DevSecOps functions from scratch at a growth-stage company
WHY SERVICECORE
You'll have real ownership, a seat at the table, and the mandate to build a security program you're proud of. We move fast, but not recklessly. We take AI seriously as a productivity multiplier - and we take the responsibility that comes with it equally seriously. This is the right role for someone who wants to do both.
- Base Salary: $190,000-$225,000 (Dependent on Experience)
- 14 Company Holidays in addition to an Open Time Off policy
- Healthcare, dental, and vision insurance with generous employer contributions
- 401(k) w/ match
- Regular lunches and a fully-stocked kitchen (if in Denver)
- Bi-weekly Grubhub lunch stipend for remote folks
- Company-provided hardware of your choice/configuration
- A Strong Company Culture that Lives by Our Core Values - Love our Customers, Be Real, Give a Shit, Deliver Results, and Keep it Fun.
HOW TO APPLY
Apply through our careers page or reach out to our recruiting team. Our interview process is designed to be respectful of your time and give you a real look at who we are and how we work.
Required Experience:
Director
About Company
The #1 software for portable toilet, septic, and dumpster businesses. It manages jobs, optimizes routes, tracks inventory, and automates billing.