Blockdaemon - DevOps Security Engineer
Requirements
• 3–5+ years in a combined DevOps / Security Engineering / DevSecOps role where you were building and operating, not just recommending.
• CI/CD pipeline engineering: Deep, hands-on experience with at least one of Jenkins, GitLab CI, or GitHub Actions — including writing custom plugins, shared libraries, or reusable workflow templates.
• Security tooling integration: Production experience implementing and tuning SAST (e.g., SonarQube, Semgrep, CodeQL), DAST (e.g., OWASP ZAP, Burp Suite), and SCA (e.g., Snyk, Dependabot, Grype) tools within automated pipelines.
• Cloud security: Proven ability to secure production workloads on at least one major cloud provider (AWS, Azure, or GCP). You understand IAM policies, network segmentation, encryption at rest and in transit, and cloud-native security services at an implementation level — not just a whiteboard level.
• Container & orchestration security: Hands-on experience securing Docker and Kubernetes environments — image scanning, runtime security (Falco, Sysdig, or similar), admission controllers, network policies, and supply chain security (signing, SBOMs).
• Infrastructure as Code: Proficiency with Terraform, CloudFormation, or Pulumi, combined with experience auditing IaC for security misconfigurations using policy-as-code frameworks (OPA/Rego, Sentinel, Checkov).
• Scripting & automation: Strong coding ability in Python, Go, or Bash — sufficient to build custom tooling, write security automation, and contribute patches to application code when needed.
• Vulnerability management: Experience running or significantly contributing to a vulnerability management program — triage, SLA enforcement, risk-based prioritization, and metrics reporting.
• Solid fundamentals: Strong understanding of the OWASP Top 10, the CWE/CVE ecosystems, secrets management (Vault, AWS Secrets Manager), TLS/mTLS, and common attack vectors against web applications and APIs.
• Experience with compliance-as-code frameworks and automating evidence collection for SOC 2, ISO 27001, FedRAMP, or PCI-DSS audits.
• Familiarity with eBPF-based security observability tools or kernel-level runtime security.
• Background in penetration testing or red team exercises, particularly against cloud-native infrastructure.
• Experience building or operating a software supply chain security program (SLSA framework, Sigstore/Cosign, in-toto attestations, SBOM generation and consumption).
• Knowledge of GitOps workflows (ArgoCD, Flux) and securing the GitOps delivery model.
• Contributions to open-source security tooling or published security research.
• Relevant certifications such as CKS (Certified Kubernetes Security Specialist), AWS Security Specialty, OSCP, or GIAC certifications — valued as evidence of depth, not as a checkbox.

This role is for someone who thinks in terms of attack surfaces and blast radius, who automates by instinct, and who measures their success by the security issues that never make it to production. If your idea of a good day is shipping a pipeline change that eliminates an entire class of vulnerability across every repo in the organization — we want to talk to you.