DevOps Security Engineer

• 3–5+ years in a combined DevOps / Security Engineering / DevSecOps role where you were building and operating, not just recommending. • 3–5+ years • CI/CD pipeline engineering: Deep, hands-on experience with at least one of Jenkins, GitLab CI, or GitHub Actions — including writing custom plugins, shared libraries, or reusable workflow templates. • CI/CD pipeline engineering: • Security tooling integration: Production experience implementing and tuning SAST (e.g., SonarQube, Semgrep, CodeQL), DAST (e.g., OWASP ZAP, Burp Suite), and SCA (e.g., Snyk, Dependabot, Grype) tools within automated pipelines. • Security tooling integration: • Cloud security: Proven ability to secure production workloads on at least one major cloud provider (AWS, Azure, or GCP). You understand IAM policies, network segmentation, encryption-at-rest/in-transit, and cloud-native security services at an implementation level — not just a whiteboard level. • Cloud security: • Container & orchestration security: Hands-on experience securing Docker and Kubernetes environments — image scanning, runtime security (Falco, Sysdig, or similar), admission controllers, network policies, and supply chain security (signing, SBOMs). • Container & orchestration security: • Infrastructure as Code: Proficiency with Terraform, CloudFormation, or Pulumi, combined with experience auditing IaC for security misconfigurations using policy-as-code frameworks (OPA/Rego, Sentinel, Checkov). • Infrastructure as Code: • Scripting & automation: Strong coding ability in Python, Go, or Bash — sufficient to build custom tooling, write security automation, and contribute patches to application code when needed. • Scripting & automation: • Vulnerability management: Experience running or significantly contributing to a vulnerability management program — triage, SLA enforcement, risk-based prioritization, and metrics reporting. • Vulnerability management: • Solid fundamentals: Strong understanding of OWASP Top 10, CWE/CVE ecosystems, secrets management (Vault, AWS Secrets Manager), TLS/mTLS, and common attack vectors against web applications and APIs. • Solid fundamentals: • Experience with compliance-as-code frameworks and automating evidence collection for SOC 2, ISO 27001, FedRAMP, or PCI-DSS audits. • Familiarity with eBPF-based security observability tools or kernel-level runtime security. • Background in penetration testing or red team exercises, particularly against cloud-native infrastructure. • Experience building or operating a software supply chain security program (SLSA framework, Sigstore/Cosign, in-toto attestations, SBOM generation and consumption). • Knowledge of GitOps workflows (ArgoCD, Flux) and securing the GitOps delivery model. • Contributions to open-source security tooling or published security research. • Relevant certifications such as CKS (Certified Kubernetes Security Specialist), AWS Security Specialty, OSCP, or GIAC certifications — valued as evidence of depth, not as a checkbox. • This role is for someone who thinks in terms of attack surfaces and blast radius, who automates by instinct, and who measures their success by the security issues that never make it to production. If your idea of a good day is shipping a pipeline change that eliminates an entire class of vulnerability across every repo in the organization — we want to talk to you. • We Power the Blockchain economy. • Blockdaemon powers the blockchain economy with its suite of industry-leadinginfrastructure solutions. We are a globally established, ISO-27001 certified partner with extensive protocol coverage, offering technical depth, industry-leading SLAs, 70+ global points of presence through 10+ cloud and bare metal providers, and 24/7 support for an unmatched institutional-grade experience. We provide integrated business solutions to exchanges, custodians, crypto platforms, financial institutions, and developers using our end-to-end suite of blockchain tools, including dedicated nodes, APIs, staking, liquid staking, MPC tech, and more. Blockdaemon provides its customers with the confidence to quickly and easily scale without compromising security or compliance. • We are a globally distributed team.