DevSecOps Engineer

DevSecOps Engineer – Research Infrastructure

Are you ready to apply Make sure you understand all the responsibilities and tasks associated with this role before proceeding.

About the Role

We are seeking an experienced DevSecOps Engineer with deep domain knowledge in security-as-code practices to join a high-performance infrastructure engineering team. This team supports one of the world’s most advanced hybrid research environments, combining high-performance computing (HPC), large-scale data storage, and public cloud infrastructure.

This hands-on technical role will focus on enabling secure, seamless workload portability between on-premise and cloud-based research platforms. You’ll architect and engineer solutions that enforce security from the ground up—partnering closely with infrastructure, research, and software teams.

Core Focus Areas

• Identity and Access Management (IAM)
• Secrets Management (e.g., HashiCorp Vault)
• Policy-as-Code (e.g., OPA, Kyverno, Gatekeeper)

Key Responsibilities

• Design, implement, and manage IAM systems, including provisioning, authentication, authorization, and role management across hybrid environments
• Develop and maintain DevSecOps pipelines that integrate compliance, secrets management, and access control as code
• Collaborate with researchers and infrastructure engineers to embed security-by-design into tools, workflows, and infrastructure platforms
• Build integrations with secrets management platforms, such as HashiCorp Vault
• Automate infrastructure deployments and compliance with Terraform, Ansible, and other IAC tools
• Monitor platform health and risk using Prometheus, Grafana, Splunk, and similar observability tools
• Write scalable, maintainable tooling in Python or Go to support platform automation and security

Preferred Qualifications

• 5+ years in DevSecOps, platform engineering, or cloud security roles
• Proven experience in designing and operating hybrid infrastructure environments (on-prem + AWS preferred)
• Deep understanding of security protocols like SAML, OAuth2, OIDC, LDAP
• Experience with policy-as-code frameworks such as OPA, Kyverno, Gatekeeper, or Sentinel
• Proficiency in secrets management, especially HashiCorp Vault
• Strong programming and scripting skills in Python or Golang
• Familiarity with Docker and Kubernetes is a plus
• Strong understanding of CI/CD pipelines using tools such as GitLab, Jenkins, GitHub Actions