DevSecOps Engineer

DevSecOps Engineer – Research Infrastructure

About the Role

We are seeking an experienced DevSecOps Engineer with deep domain knowledge in security-as-code practices to join a high-performance infrastructure engineering team. This team supports one of the world’s most advanced hybrid research environments, combining high-performance computing (HPC), large-scale data storage, and public cloud infrastructure.

This hands-on technical role will focus on enabling secure, seamless workload portability between on-premise and cloud-based research platforms. You’ll architect and engineer solutions that enforce security from the ground up—partnering closely with infrastructure, research, and software teams.

Core Focus Areas

• Identity and Access Management (IAM)
• Secrets Management (e.g., HashiCorp Vault)
• Policy-as-Code (e.g., OPA, Kyverno, Gatekeeper)

Key Responsibilities

• Design, implement, and manage IAM systems, including provisioning, authentication, authorization, and role management across hybrid environments
• Develop and maintain DevSecOps pipelines that integrate compliance, secrets management, and access control as code
• Collaborate with researchers and infrastructure engineers to embed security-by-design into tools, workflows, and infrastructure platforms
• Build integrations with secrets management platforms, such as HashiCorp Vault
• Automate infrastructure deployments and compliance with Terraform, Ansible, and other IAC tools
• Monitor platform health and risk using Prometheus, Grafana, Splunk, and similar observability tools
• Write scalable, maintainable tooling in Python or Go to support platform automation and security

Preferred Qualifications

• 5+ years in DevSecOps, platform engineering, or cloud security roles
• Proven experience in designing and operating hybrid infrastructure environments (on-prem + AWS preferred)
• Deep understanding of security protocols like SAML, OAuth2, OIDC, LDAP
• Experience with policy-as-code frameworks such as OPA, Kyverno, Gatekeeper, or Sentinel
• Proficiency in secrets management, especially HashiCorp Vault
• Strong programming and scripting skills in Python or Golang
• Familiarity with Docker and Kubernetes is a plus
• Strong understanding of CI/CD pipelines using tools such as GitLab, Jenkins, GitHub Actions