Full-Time Founding DevSecOps Engineer

MetalBear builds open-source developer tools for cloud engineers. Our flagship product, mirrord, allows developers to run local processes as if they were inside their cloud environment—without the hassle of deployment or disrupting shared environments.

We are looking for a Founding DevSecOps Engineer to take ownership of our IaC, security architecture, certifications (e.g. ISO 27001, SOC2), and CI/CD pipelines. This role is crucial in ensuring that our engineering team can develop and deploy efficiently while maintaining compliance and security best practices.

You will work closely with the team behind mirrord to enhance and secure the development workflow for cloud-native applications.

Key Responsibilities:

1. Maintain and improve our IaC setup, ensuring reliability, scalability, and security.
2. Oversee security architecture, implementing best practices for cloud security and compliance.
3. Lead certification efforts, including ISO 27001, SOC 2, and other relevant frameworks.
4. Continuously assess and enhance security posture across infrastructure and applications.
5. Design, implement, and maintain CI/CD pipelines to streamline deployment and development workflows.

Requirements:

• Experience with Infrastructure as Code (Terraform, Pulumi, or similar tools).
• Strong knowledge of cloud platforms (AWS, GCP, Azure) and cloud security best practices.
• Experience with security frameworks and certifications (ISO 27001, SOC 2, NIST, etc.).
• Hands-on experience managing CI/CD pipelines (GitHub Actions, GitLab CI, ArgoCD, etc.).
• Knowledge of containerization and orchestration (Docker, Kubernetes).
• Proficiency in scripting languages (Python, Bash, or similar).
• Understanding of security concepts, threat modeling, and vulnerability assessments.
• Strong problem-solving skills and ability to work independently.

Preferred Qualifications:

• Experience with DevSecOps practices and tools.
• Familiarity with compliance automation tools.
• Background in software development or system administration.

What is the last date for applying to the job?

Which countries are accepted for this remote job?