DevSecOps Engineer

DevSecOps Engineer – Industrial AI Platform Role Summary
You'll own security implementation across our AI deployment pipelines - from AWS EC2 development environments to air-gapped industrial sites. This hands-on role combines security engineering, infrastructure automation, and operational reliability for a platform deploying mission-critical ML models at the edge.

Key Responsibilities
Infrastructure Security Automation

• Develop and maintain OpenTofu modules for consistent VM provisioning across environments

• Harden EC2 and on-prem VM templates with Ansible security playbooks

• Implement least-privilege IAM policies and secure network configurations

• Design secure bootstrapping processes for production environments

Kubernetes Deployment Security

• Secure our K3s clusters with proper pod security policies and network isolation

• Implement robust RBAC models with granular permissions

• Design secure inter-service communication patterns

• Build security monitoring for cluster components and workloads

CI/CD Pipeline Hardening

• Integrate automated security scanning into build pipelines (container scanning, SCA, SAST)

• Implement secure artifact management with signing and verification

• Build proper secrets management for deployment pipelines

• Establish secure container base images and build processes

Operational Security & Reliability

• Design secure update mechanisms for air-gapped environments

• Implement monitoring, alerting and incident response automation

• Build comprehensive logging and audit trails across environments

• Develop metrics for tracking security and reliability KPIs

Security Reporting & Governance

• Create security dashboards for visibility into system security posture

• Build automated compliance validation for industrial requirements

• Develop practical security documentation and runbooks

• Run internal security reviews and share findings with engineering teams

Tech Stack

• Kubernetes (K3s for edge deployment, Kind for local dev, EKS for cloud)

• OpenTofu (planned) and Ansible for infrastructure automation

• AWS EC2 for development/test environments, on-prem for production

• GitHub Actions for CI/CD pipelines

• Docker for containerisation

• Python and Bash for security tooling and automation

• SvelteKit for frontend

Requirements
Essential Skills & Experience:

• Strong experience with infrastructure-as-code security (Terraform/OpenTofu, Ansible)

• Hands-on Kubernetes security implementation (networking, RBAC, policies)

• Experience securing containerised workloads and build pipelines

• Practical security monitoring and alerting implementation

• Experience with Linux security controls including AppArmor profile development and enforcement

• Comfort working with Python, shell scripts, and CLI tooling

• Ability to balance security requirements with practical engineering trade-offs

• Experience with log aggregation and operational monitoring

Desirable Skills:

• Experience with industrial or air-gapped deployments

• Knowledge of ML/AI deployment security considerations

• Familiarity with regulated environments (finance, healthcare, industrial)

• Experience with zero-trust networking concepts

• Experience with Linux hardening for edge deployments

About You

• You're hands-on - you code solutions rather than just pointing out problems

• You find pragmatic security solutions that work in the real world

• You can explain complex security concepts to people who don't live in that world

• You balance "secure by default" with "needs to actually work"

• You're comfortable diving into unfamiliar codebases to find and fix issues