Senior DevSec Ops Engineer

About Appen
Appen is a leader in AI enablement for critical tasks such as model improvement, supervision, and evaluation. To do this we leverage our global crowd of over one million skilled contractors, speaking over 180 languages and dialects, representing 130 countries. In addition, we utilize the industry's most advanced AI-assisted data annotation platform to collect and label various types of data like images, text, speech, audio, and video.
Our data is crucial for building and continuously improving the world's most innovative artificial intelligence systems and Appen is already trusted by the world's largest technology companies. Now with the explosion of interest in generative AI, Appen is helping leaders in automotive, financial services, retail, healthcare, and governments the confidence to deploy world-class AI products.
At Appen, we are purpose driven. Our fundamental role in AI is to ensure all models are helpful, honest, and harmless, so we firmly believe in unlocking the power of AI to build a better world. We have a learn-it-all culture that values perspective, growth, and innovation. We are customer-obsessed, action-oriented, and celebrate winning together.
At Appen, we are committed to creating an inclusive and diverse workplace. We are an equal opportunity employer that does not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
We are seeking a Senior DevSec Ops Engineer to lead and enhance the security of our platform infrastructure. This role will be part of the Platform Engineering and Site Reliability Engineering (SRE) team and will work in close collaboration with application engineering teams to ensure security best practices are embedded throughout the development lifecycle. You will be responsible for securing our cloud environments, CI/CD pipelines, and overall platform security posture. Your role will involve proactively identifying security risks, implementing robust security controls, and ensuring compliance with industry standards.

Key Responsibilities:

• Develop and implement security best practices across cloud infrastructure, and application deployments.
• Work closely with application engineering teams to embed security into infrastructure design, ensuring compliance with security policies and industry standards.
• Automate security processes, including vulnerability scanning, compliance checks, and threat detection.
• Secure CI/CD pipelines by integrating security checks, code scanning, and secret management.
• Conduct security audits, risk assessments, and incident response plans to proactively mitigate potential threats.
• Implement zero-trust security models, least privilege access, and robust IAM strategies.
• Establish monitoring and observability frameworks for security events, ensuring quick detection and response to threats.
• Collaborate with compliance and governance teams to align security practices with regulatory requirements.
• Educate and advocate security best practices across engineering teams, fostering a security-first culture.

Essential Qualifications:

• Extensive experience in DevSecOps, cloud security, and infrastructure security.
• Proficiency in securing cloud environments (AWS), Kubernetes, and containerized applications.
• Hands-on experience with security tooling such as vulnerability scanners (Snyk, Aqua, Trivy), SIEM solutions, and identity management platforms.
• Strong knowledge of network security, firewalls, and intrusion detection/prevention systems.
• Experience with policy-as-code tools (OPA, Kyverno) and compliance frameworks (CIS, NIST, ISO 27001, SOC 2).
• Expertise in automation, scripting (Python, Bash, Go), and infrastructure as code (Terraform, CloudFormation).
• Familiarity with threat modeling, penetration testing, and incident response processes.
• Ability to work cross-functionally with engineering, compliance, and leadership teams to drive security initiatives.

Desirable Qualifications:

• Experience in implementing zero-trust security models in cloud environments.
• Strong understanding of API security, authentication, and authorization mechanisms.
• Background in forensic analysis, security logging, and monitoring best practices.
• Knowledge of service mesh security (Istio, Linkerd) and securing microservices architectures.
• Strong knowledge of AWS security best pratices and General IT security best practices 

Appen is the global leader in data for the AI Lifecycle with more than 25 years’ experience in data sourcing, annotation, and model evaluation. Through our expertise, platform, and global crowd, we enable organizations to launch the world’s most innovative artificial intelligence products with speed and at scale. Appen maintains the industry’s most advanced AI-assisted data annotation platform and boasts a global crowd of more than 1 million contributors worldwide, speaking more than 235 languages. Our products and services make Appen a trusted partner to leaders in technology, automotive, finance, retail, healthcare, and government. Appen has customers and offices globally.