Full-Time DevSecOps Engineer

About Bobsled Our goal at Bobsled is to transform the way data is shared across organizations, clouds, and data platforms. Our cross-cloud platform enables enterprises to share data quickly and securely through one unified control plane that manages all aspects of data sharing, including replication, updates, versioning, entitlements, telemetry, and more.

By solving these problems, we will:

• Remove barriers to collaboration between organizations
• Facilitate and democratize the use of data to enable better decision-making
• We believe that by using data collaboratively, we can enable better solutions to the world's hardest problems.

The Role We are looking for an experienced DevSecOps Engineer to drive the security, reliability, and operational excellence of Bobsled's data-sharing platform. You'll apply your expertise to complex technical and business challenges, ensuring that our infrastructure and pipelines are not only highly available and scalable but also secure by design.

Please note: This role is open exclusively to candidates located in the Central Time (CT) or Eastern Time (ET) zones in the USA or Canada.

This role blends the disciplines of Site Reliability Engineering (SRE), Traditional DevOps, and Security, and you will play a key role in securing Bobsled's multi-cloud environment (GCP, AWS, Azure, Cloudflare, Snowflake, Databricks, Oracle Cloud Infrastructure). Your work will have a direct and massive impact on the way organizations securely share and collaborate on data across the world.

As an early hire, you will also play a pivotal role in shaping our team culture, fostering a collaborative environment, and assessing engineering candidates.

Key Responsibilities

• Security-First Engineering: Integrate security best practices into CI/CD pipelines, infrastructure as code (IaC), and operational processes.
• Cloud Security: Ensure Bobsled's multi-cloud infrastructure follows security best practices, including identity and access management (IAM), network security, and encryption.
• Infrastructure and Application Security: Design and implement secure, scalable, and reliable systems while enforcing policies around least privilege, zero trust, and compliance frameworks.
• Secure CI/CD Pipelines: Build and maintain pipelines that ensure safe, compliant, and automated deployment of infrastructure and applications.
• Incident Response & Threat Detection: Establish and continuously improve incident response processes, threat detection, and security observability for our cloud environments.
• Monitoring & Observability: Develop robust monitoring, logging, and alerting systems for both security and reliability, ensuring visibility into infrastructure and application health.
• Secrets & Credential Management: Implement and manage secure handling of credentials, keys, and secrets in alignment with best practices.
• Risk & Compliance Awareness: Work cross-functionally to align with security frameworks (SOC 2, ISO 27001, etc.) and assist in compliance efforts.

Preferred Qualifications

• 8+ years of experience in SRE, DevOps, or DevSecOps, managing distributed cloud-native systems in production.
• Strong background in cloud security principles, with hands-on experience securing AWS, GCP, Azure, and/or OCI environments.
• Proficiency in Infrastructure as Code (IaC) tools like Terraform (CDKTF).
• Expertise in security monitoring and incident response.
• Deep understanding of modern IAM, role-based access control (RBAC), and secrets management.
• Experience designing hardened CI/CD pipelines that enforce security policies and compliance requirements.
• Knowledge of security compliance frameworks such as SOC 2, NIST, ISO 27001 is a strong plus.

What is the last date for applying to the job?

Which countries are accepted for this remote job?