Senior DevSecOps Engineer

Remote

The exciting world of scientific research is fueled by people with a passion for solving complex problems. At Cayuse, we are committed to our customers’ success by empowering organizations to conduct globally connected research that advances their impact on science, discovery and society. We build on that commitment with proven, integrated and easy-to-use technology that delivers exceptional value, and world class service and support that accelerates outcomes.

But we are more than just an empowering platform powered by advanced technologies. We are a collaboration of exceptional, highly skilled people with multi-disciplinary expertise, and are building our team to support our ambitious growth plans. Cayuse’s foundational strength comes from our customer and employee focused values and commitment to industry-leading solutions. It’s an exciting time to become a key member of our growing team.

As a Senior DevSecOps Engineer, you will be a key technical leader driving the security, reliability, and integrity of our cloud-based infrastructure and SaaS products. This role embeds security throughout the software delivery lifecycle — shifting vulnerability detection left into the pipeline while operationalizing continuous monitoring and remediation in production. You will own our application and cloud vulnerability management program, leveraging tools like Snyk, SonarQube, and AWS Inspector to find, prioritize, and drive remediation of risk across a multi-product, multi-environment AWS platform.

This is an AI-native role. We expect you to work fluently with AI engineering tools — Claude Code, GitHub Copilot, Atlassian Rovo, and similar — to accelerate triage, remediation, automation, and documentation, and to help the team build AI-augmented workflows into how we detect and fix risk. We're looking for someone who treats these tools as a force multiplier and applies sound judgment about where AI fits and where human review is non-negotiable, especially in a security context.

This role combines deep technical expertise with a passion for mentoring. You will pair hands-on engineering with guiding colleagues in secure development and operational practices, and contribute to the overall maturity of our DevSecOps capability — with a strong emphasis on automation using Terraform and Bitbucket Pipelines.

Responsibilities

Vulnerability Management and Remediation

  • Assist in the end-to-end vulnerability management lifecycle: discovery, triage, prioritization, remediation tracking, and reporting across applications, containers, and cloud infrastructure.
  • Administer and tune Snyk (SCA, container, and IaC scanning), SonarQube (SAST and code quality gates), and AWS Inspector (EC2, ECR, and Lambda vulnerability scanning) to maximize signal and reduce false positives.
  • Aggregate and normalize findings across scanners into a single prioritized backlog, using severity, exploitability, and asset criticality to drive risk-based remediation.
  • Partner with product engineering teams to remediate findings, providing concrete guidance and tracking SLAs to closure rather than just reporting on counts.
  • Establish and enforce policy-as-code and quality/security gates in CI so vulnerabilities are caught before merge and deployment.
  • Drive container and base-image hygiene across EKS workloads, including image scanning, patching cadence, and remediation of vulnerable dependencies.

Secure Pipelines and Automation

  • Design, build, and maintain secure CI/CD pipelines using Bitbucket Pipelines, integrating Snyk, SonarQube, and other security scanning natively into the build and deploy flow.
  • Build and maintain secure, scalable infrastructure using Terraform, applying IaC scanning and guardrails to prevent misconfiguration.
  • Automate vulnerability discovery, ticket creation, and remediation workflows (e.g., auto-filing Jira tickets from scanner findings) to reduce toil and accelerate response.
  • Develop and maintain automation tools and scripts (Python, Bash) to integrate security tooling, enrich findings, and report on posture.
  • Manage cloud security posture across the AWS estate (managed through DuploCloud), including IAM, Security Groups, encryption, and configuration baselines.

AI-Augmented Engineering

  • Work AI-native: use tools like Claude Code, GitHub Copilot, and Atlassian Rovo to accelerate code, automation, triage, and documentation in day-to-day engineering.
  • Build AI into security and remediation workflows — for example, using AI to summarize and enrich scanner findings, draft remediation guidance, generate and review Terraform and pipeline changes, and auto-populate Jira tickets from vulnerability data.
  • Apply sound judgment about where AI fits and where human review is mandatory, treating all AI output in a security context as needing verification before it reaches production or a security decision.
  • Help establish and share team standards for responsible, effective use of AI engineering tools, and mentor colleagues on getting leverage from them safely.

Monitoring, Detection, and Incident Response

  • Implement and maintain observability and security monitoring using Grafana and AWS-native monitoring (CloudWatch, AWS Inspector, GuardDuty where applicable).
  • Define and monitor security and reliability SLOs/SLAs, and proactively identify exposure before it becomes an incident.
  • Participate in incident response and root cause analysis for security-relevant events, contributing to resolution and follow-up hardening.
  • Respond to on-call Sev 1 incidents and participate in a 24/7 on-call rotation approximately once per month.
  • Contribute to disaster recovery and resilience planning.

Collaboration, Mentorship, and Improvement

  • Serve as a technical expert and mentor, sharing secure-development and DevSecOps best practices across engineering teams.
  • Contribute to the development and implementation of DevSecOps standards and guidelines, tailored to AWS best practices.
  • Lead by example with strong technical proficiency in SRE and security engineering within the AWS ecosystem.
  • Collaborate with development, operations, compliance, and product teams to ensure security is built in, not bolted on.
  • Contribute to code reviews and technical discussions with a security lens.
  • Document runbooks, standards, and knowledge-sharing resources; participate in agile ceremonies.
  • Foster a culture of continuous learning and a security-first, automation-first mindset.

Qualifications

  • Deep experience with AWS, including core services such as EC2, S3, RDS, Lambda, CloudWatch, EKS, and a solid understanding of AWS networking (VPC, Security Groups) and security fundamentals (IAM).
  • Hands-on experience operating application and cloud vulnerability scanning tools — Snyk, SonarQube, and AWS Inspector strongly preferred — including administration, policy configuration, and findings triage.
  • Demonstrated experience running a vulnerability management or AppSec program: prioritization frameworks, remediation SLAs, and risk-based decision-making.
  • 4+ years of experience working with public cloud technologies (AWS preferred).
  • Strong understanding of CI/CD pipelines and the SDLC, with proven experience integrating security scanning into pipelines (Bitbucket Pipelines preferred).
  • Proven experience with Terraform and infrastructure as code, including IaC security scanning.
  • Experience with Docker and Kubernetes (EKS), including container image security and hardening.
  • Proficiency in scripting languages (Python, Bash) for automation and tooling integration.
  • Demonstrated fluency with AI engineering tools (e.g., Claude Code, GitHub Copilot, Atlassian Rovo) and good judgment about applying them in a security context, where AI output must be verified rather than trusted blindly.
  • Experience developing monitoring and log analysis solutions, including proficiency with Grafana.
  • Solid understanding of security frameworks, secure coding practices, and common vulnerability classes (e.g., OWASP Top 10, CVE/CVSS).
  • Experience with Git and code branching/merging strategies.
  • Experience with Agile methodologies (Scrum, Kanban).
  • Strong problem-solving and troubleshooting skills.
  • Excellent communication and collaboration skills, with the ability to influence remediation across teams.
  • Passion for mentoring and knowledge sharing.
  • Ability to own medium to large technical projects end to end.

Nice to Have

  • Relevant security certifications (e.g., AWS Security Specialty, CISSP, GIAC).
  • Experience with SOC 2 / ISO 27001 or similar compliance programs.
  • Experience with secrets management, SBOM generation, and supply-chain security.
  • Familiarity with DuploCloud or comparable cloud governance platforms.
  • Experience building AI-augmented or agentic workflows into engineering or security operations (e.g., MCP integrations, AI-assisted findings triage or ticketing).

Benefits

  • Competitive Medical Benefits (PPO + HSA available)
  • Vision, Dental, Short-Term Disability fully covered by Cayuse
  • Unlimited PTO + Holidays + Flexible Work Schedule
  • Remote Work Stipend
  • Equal Paid Parental Leave
  • 401k with Employer Matching
  • Quarterly Wellness Reimbursement
  • Remote Work Environment, supporting the Ultimate Employee Experience

Cayuse does not accept agency resumes. Please do not forward resumes to our jobs alias or any Cayuse employees. Cayuse is not responsible for any fees related to unsolicited resumes.

Our culture is one of inclusion and belonging where everyone feels respected, treated justly, supported and nourished. We all share responsibility for creating and sustaining a work environment where differences are celebrated and we are empowered to strive for excellence. We’re proud to be an equal opportunity employer and actively seek to recruit, develop, and retain a diverse and talented workforce.
