vanilla - Senior DevSecOps Engineer
Requirements
• Hands-on AWS experience: infrastructure, networking, and cloud security posture
• Experience with infrastructure-as-code (Terraform or CloudFormation)
• Strong understanding of IAM, network security, encryption, and secrets management
• Hands-on vulnerability management experience: scanning, triage, remediation workflows
• Experience with threat modeling, secure code review, and CI/CD security gating
• Strong scripting and automation skills (Python, Bash, or similar)
• Experience operating security tooling: EDR, SIEM, email security, WAF, or similar
• Familiarity with SentinelOne, Sublime, Panther, or Cloudflare specifically
• Prior incident response or tabletop exercise facilitation
• Exposure to AI/ML security: LLM risks, securing inference endpoints, or data privacy in ML contexts
• Experience in fintech, wealthtech, or other regulated industries
• Familiarity with supply chain security

The salary range for this role is $180,000 to $210,000. Our compensation packages also include a performance-based bonus and equity. Compensation is based on a number of factors and may vary depending on job-related knowledge, skills, and experience.
Responsibilities
Cloud & Infrastructure Security
• Secure AWS infrastructure, systems, and networking
• Review infrastructure-as-code (Terraform) changes for security implications
• Support secrets management, IAM policy reviews, and encryption standards
• Triage and respond to cross-team IT requests that carry security implications

Security Operations & Tooling
• Operate and tune security tooling including SentinelOne (EDR), Sublime (email security), Panther (SIEM), and Cloudflare
• Monitor and triage security alerts across dedicated channels
• Serve as the primary responder for cross-team security requests

Vendor & Program Management
• Manage the vCISO relationship, including coordinating on cloud security posture, endpoint coverage, and SOC 24x7 operations
• Own the annual penetration test lifecycle: vendor selection, scoping, coordination, remediation tracking, and reporting
• Scope and coordinate AI red team engagements
• Run tabletop exercises and maintain the incident response playbook
• Build and maintain a multi-quarter security roadmap in partnership with engineering leadership

Application Security
• Own and evolve pre-deploy security gates across CI/CD pipelines
• Run vulnerability management for libraries and application code: scanning, prioritization, and remediation workflows
• Conduct threat modeling for new features, integrations, and architecture changes
• Champion secure coding practices across engineering teams
• Scope and coordinate AI red team exercises against Vanilla's AI-powered features
• Assess security of AI/ML pipelines, inference endpoints, and third-party AI vendor integrations
• Implement and maintain guardrails for AI outputs, including controls against prompt injection and data exfiltration
• Establish data governance practices for sensitive training data (PII/PHI in estate and financial documents)

What This Role Is Not
This role is focused on infrastructure and security engineering, not compliance or customer trust. SOC 2, security questionnaires, and audit documentation sit elsewhere in the org.
Benefits
• Flexible paid time off policy and 10 company-wide paid holidays
• Parental leave: 6 weeks for all full-time employees and up to 14 weeks for birthing parents
• Medical, dental, and vision benefits coverage for employees and their families
• 401K eligibility after one month of employment
• Free estate planning documents
• Budget for learning & development and home office setup
• Paid parking or transit for hybrid and in-office employees