Staff DevSecOps Engineer
Seattle, OR - USA
Job Summary
About Us
Co-founded in 2023 by Joe Laws and Grant Verstandig, Trase Systems is AI Uncomplicated. Trase empowers enterprise leaders to harness the full potential of AI without the associated complexity and risks. We are an end-to-end solution for deploying, managing, and optimizing AI in the enterprise. Our platform specializes in bridging the last mile of AI adoption, unlocking AI's full potential while driving efficiency and significant cost savings. Trase is at the forefront of AI Agent innovation, topping the Hugging Face GAIA Leaderboard for Generalized AI Assistants, ahead of industry giants such as Google, Meta, Microsoft, and OpenAI. We are leveraging our cutting-edge technologies to develop mission-critical agentic applications in complex industries such as Healthcare, Oil & Gas, and National Security.
About the Role
As the Staff DevSecOps Engineer, you will be the technical owner of how security is built into Trase's software development lifecycle and cloud operations.
You will integrate automated security testing, continuous vulnerability management, and secure coding practices directly into our existing CI/CD pipelines, where the cost of catching misconfigurations and vulnerabilities is lowest and the blast radius is smallest. You will own the implementation of Trase's dedicated security architecture, delivering shift-left tooling (SAST, DAST, SCA, secrets scanning, and IaC scanning) alongside production cloud security services and resources, all deployed through infrastructure-as-code.
By standardizing and operating these secure pipelines, you will empower Trase's software engineers to focus on high-velocity delivery while ensuring that we maintain the controls and capabilities required by our customers and regulators.
Why This Role Exists
Trase ships mission-critical agentic applications into Healthcare, Oil & Gas, and National Security at the pace of a startup, under the scrutiny of a defense contractor. Our engineering velocity, and the speed at which we deploy highly-regulated workloads, is one of our core advantages.
To preserve that velocity while maintaining customer trust and assurance, we must ensure that security is seamlessly and inextricably linked to delivery and never bolted on after the fact.
This role exists to build upon our foundation and mature the ways in which we've embedded security throughout our pipelines and operations. It is a continued investment in our CI/CD security tooling, production cloud security architecture, detection and response capabilities, and the IaC patterns that make secure-by-default the path of least resistance for every Trase engineer.
Responsibilities
Shift-Left Security in CI/CD
- Design, implement, and operate the shift-left security toolchain across Trase's CI/CD pipelines, which include but are not limited to SAST, DAST, SCA, secrets scanning, container image scanning, and IaC scanning.
- Define how findings are triaged, routed, and remediated; partner with engineering teams to keep developer experience high and friction low.
- Establish and enforce policy-as-code and pre-merge security gates calibrated to risk.
Cloud Security Architecture
- Design and deploy Trase's production cloud security architecture, with a primary focus on Google Cloud Platform (GCP) and a clear path to multi-cloud as the business requires.
- Implement foundational controls, including network segmentation, workload identity, secrets management, encryption (in transit and at rest), and least-privilege IAM, using both cloud-native services and third-party applications or platforms.
- Stand up and operate cloud security posture management (CSPM) and cloud workload protection capabilities.
Infrastructure-as-Code & Platform Security
- Build, codify, and maintain the secure-by-default infrastructure modules in Terraform consumed by every Trase engineer.
- Embed security controls directly into platform abstractions so that the secure path is the default path.
- Drive secure baselines for Kubernetes, container runtimes, and serverless workloads.
Detection, Monitoring & SIEM
- Operate and fine-tune Trase's SIEM and security telemetry pipeline, designing log sources, detections, and alerting workflows from the ground up.
- Define detection-as-code practices and tune detections to balance signal and noise.
- Build dashboards and reporting that give the security team and leadership real-time visibility into the live posture of the environment.
Incident Response
- Enhance and lead aspects of Trase's technical security incident response capability, including runbooks, on-call rotation design, tabletop exercises, and post-incident reviews.
- Serve as a senior responder during security events, coordinating across stakeholder groups and the broader enterprise.
Vulnerability & Threat Management
- Operate the end-to-end vulnerability management lifecycle across application, container, and cloud surface area.
- Facilitate remediation SLAs, partner with engineering to drive them, and report on progress to leadership.
Cross-Functional Partnership
- Partner closely with Engineering and the broader Security and Compliance team to translate framework requirements (e.g., SOC 2, HIPAA, ISO 27001, FedRAMP, NIST 800-53) into defensible, robust controls.
- Embed with Product and Engineering teams to ensure security is an integral part of how Trase builds by design.
Mentorship & Engineering Leadership
- Mentor junior Security and Compliance engineers and members of the Engineering team on secure coding, threat modeling, and cloud security best practices.
- Establish and propagate the patterns, runbooks, and reusable building blocks that allow Trase's security capabilities to scale with the company.
Requirements
- 10 years of experience in security engineering, DevSecOps, cloud security, or platform security roles, including significant time as a senior individual contributor.
- Deep hands-on experience securing modern CI/CD pipelines, including production deployment of SAST, DAST, SCA, secrets, container, and IaC scanning.
- Strong cloud security expertise with primary depth in Google Cloud Platform, or proven multi-cloud expertise and the ability to operate authoritatively in GCP.
- Expert-level Terraform skills and a track record of building secure-by-default IaC modules consumed by other engineers.
- Demonstrated experience standing up and operating a SIEM end-to-end, from log source design through detection engineering and alert tuning.
- Hands-on incident response leadership, including runbook authorship, on-call design, and serving as a senior responder during real incidents.
- Practical experience operating in environments governed by SOC 2, HIPAA, and ISO 27001, with a clear understanding of how engineering controls map to framework requirements.
- Strong programming or scripting skills (Python, Go, or similar) sufficient to build automation, integrations, and tooling, not just to configure off-the-shelf products.
- Excellent partnership skills and a developer-empathetic mindset; track record of making security the path of least resistance rather than a bottleneck.
- Strong affinity and practical skill for working with LLMs and AI agents as part of your own workflow: clear judgment on when and how to deploy them to move quickly, orchestrate work, and ship with confidence.
- US Citizen and eligible for US security clearance
Nice to Have
- Hands-on experience implementing security architectures or controls for FedRAMP (Moderate or High), DoD RMF, HITRUST, or other heavily regulated frameworks.
- Active US security clearance (Secret, TS, or TS/SCI).
- Deep Kubernetes and container security expertise (admission control, runtime security, software supply chain security).
- Experience securing AI/ML workloads, including model supply chain integrity, prompt injection defenses, and agent execution sandboxing.
- Industry certifications such as Google Professional Cloud Security Engineer, AWS Security Specialty, OSCP, GIAC (GCSA, GCIH, GCIA), or CKS.
- Open source contributions to security tooling, detection content, or IaC modules.
Salary Range: $00. This represents the typical salary range for this position based on experience, skills, and other factors.
Our Trase Benefits:
For full-time roles only
- Career track opportunity with potential for rapid advancement with strong performance as the firm grows.
- 100% employer paid comprehensive health care, including medical, dental, and vision, for you and your family.
- Paid maternity and paternity for 14 weeks at employee's normal pay.
- Unlimited PTO with management approval.
- Opportunities for professional development and continued learning.
- Optional 401K, FSA, and equity incentives available.
- Mental health benefits are available through Tara Mind.
We're an Equal Opportunity Employer: You'll receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
Applicant Data Disclosure
By submitting an application, you acknowledge that Red Cell Partners LLC (Red Cell) uses third-party service providers to facilitate its recruitment and hiring processes. These providers include applicant tracking systems, candidate verification platforms, and fraud detection tools (collectively, Hiring Platforms). Your application materials, including your résumé, cover letter, work samples, responses to application questions, and any other information you submit, may be transmitted to and processed by these Hiring Platforms for the following purposes:
- Managing and administering your application throughout the hiring process;
- Verifying the accuracy and authenticity of application materials, including by cross-referencing information you provide against publicly available sources and proprietary databases;
- Identifying indicators of potentially fraudulent, fabricated, or materially misleading application content, including but not limited to discrepancies between submitted materials and publicly available professional profiles, geographic anomalies, and fabricated work histories.
Applications that are flagged through this process as containing indicators of fraud or material misrepresentation may be declined from further consideration. If you have questions about the status of your application or the evaluation process, please contact talent@.
Red Cell requires its Hiring Platform providers to process your information solely for the purposes described above and in accordance with applicable law. Your information will be retained only for as long as necessary to fulfill these purposes and any applicable legal obligations, after which it will be deleted in accordance with Red Cell's data retention policies.
For more information about how your data is used, please refer to our Privacy Policy and Applicant Privacy Notice.
Required Experience:
Staff IC