Job Application for Senior DevSecOps Engineer at DFO Referrals

Senior DevSecOps Engineer

Dalio Family Office

Dalio Family Office Overview:

The Dalio Family Office (DFO) supports Barbara and Ray Dalio and their family in their ventures, investments, and philanthropic efforts under Dalio Philanthropies, which includes OceanX, Dalio Education, Endless Network, and the Beijing Dalio Foundation. The core of the DFO’s culture is built around meaningful work and meaningful relationships and the family’s commitment to giving back. The office is headquartered in Westport, CT with regional offices in New York City, Singapore, and Abu Dhabi. This is a hybrid position reporting primarily out of our New York City office location.

Position Summary:

Reporting to the Cybersecurity Lead, the Senior DevSecOps Engineer will design, deploy, and secure scalable AWS + Azure environments with a strong focus on Infrastructure as Code (IaC). The purpose of this role is to build secure cloud-native infrastructure from the ground up, operationalize AWS/Azure services, and automate the reliability and security of mission-critical systems. You will embed security-by-design across the SDLC by implementing secure CI/CD pipelines with automated testing, policy controls, and supply-chain protections (SBOMs, signed artifacts, provenance), while centralizing security telemetry into Microsoft Defender for Cloud for unified posture management, threat detection, and compliance. The role also secures cloud infrastructure, data, and key management using AWS KMS and Azure Key Vault, hardens AKS/EKS with policy-as-code (OPA/Gatekeeper) and runtime protections, and extends these controls to AI/LLM development and inference platforms including AWS Bedrock, AI Foundry, and vLLM.

Day-to-day responsibilities would include a combination of the following:

Embed security-by-design across the SDLC with automated controls and measurable security outcomes.
Deliver a secure, compliant AWS/Azure cloud foundation with strong data protection and key management.
Harden container and Kubernetes platforms with consistent policy enforcement and runtime protection.
Build and maintain secure CI/CD pipelines with SAST/SCA, IaC + container scanning, secret detection, and policy gates, including threat modelling and secure design practices.
Enforce software supply-chain security (SBOMs, signed images, provenance verification) and route pipeline/code telemetry into Microsoft Defender for Cloud.
Secure AWS/Azure workloads across identity, network, compute, and storage; implement encryption, classification, retention, DLP, and safe logging.
Operate AWS KMS / Azure Key Vault (rotation, auditing, envelope encryption) and use Defender for Cloud for CSPM/CWPP, threat detection, and compliance.
Harden AKS/EKS using pod security, OPA/Gatekeeper, network policies, secrets management, and runtime protections; govern artifacts via JFrog Artifactory (trust, allow/deny, immutability) and integrate Kubernetes signals into Defender for Cloud.

Additional duties as assigned.

The ideal candidate will possess the following knowledge, skills, attributes, and values:

Security minded with the utmost regard for confidentiality and discretion.
Collaborative and helpful by nature.
Strong sense of ownership in one’s work.
Excellent communication and synthesis skills.
Demonstrated track record supporting mission-critical workloads end-to-end: secure deployments, hardening, centralized logging/telemetry, compliance, and continuous optimization.

Familiarity with cloud governance and security tooling including Microsoft Defender for Cloud, AWS SCPs/RCPs, Azure Policy, and OPA/Gatekeeper.

Illustrative Benefits:

100% company paid medical premiums
17 company paid holidays
Friday summer hours
Monthly community happy hours
Hybrid work environment
Free catered food services for in-office days
Generous PTO offering
Casual dress code
150% 401(k) match up to $7,500 and 100% match above $7,500 ($15k match limit)
Gym reimbursement, back up childcare services, insurance, financial, and legal services, and much more!

Qualifications:

Bachelor’s Degree or Diploma in Cybersecurity, Computer Science, Information Technology, or related discipline.
10+ years of experience in DevSecOps / Cloud Engineering delivering and securing production AWS and Azure environments, including cloud security architecture and operations.
At least 3 years hands-on experience operating enterprise-scale platforms (systems engineering/administration), including reliability engineering, monitoring/telemetry, and incident response.
Advanced IaC expertise with Terraform (plus CloudFormation/Bicep preferred), building standardized, governed cloud foundations (landing zones, guardrails, automation).
Proven experience building and securing CI/CD automation using GitLab and/or Azure DevOps, including automated security testing and supply-chain controls (SBOMs, artifact signing, provenance).
Strong Kubernetes security experience with AKS/EKS, including policy enforcement and runtime protections.
Expertise in cryptographic key management and data protection, including AWS KMS / Azure Key Vault, encryption, and data security controls.
Experience securing AI/LLM systems and inference platforms (AI Foundry, AWS Bedrock, vLLM), including knowledge of OWASP LLM Top 10 and LLM guardrails.
Strong proficiency across Linux and Microsoft ecosystems (identity, hardening, patching, operational best practices) and scripting with Python/Bash/PowerShell (application languages such as Java/.NET/JavaScript (React.js) are a plus).

Compensation:

Compensation for the role includes a competitive salary in the range from $170,000 -$230,000 (inclusive of a merit-based bonus, dependent on years of experience, level of education obtained, as well as applicable skillset) and an excellent benefits package, including a comprehensive employer paid medical plan and generous employer match for 401k.

Please note we are unable to provide immigration sponsorship for this position.

At the DFO, we believe our biggest asset is our people. We are proud to be an equal opportunity employer, hiring and developing individuals from diverse backgrounds and experiences to add to our collaborative culture. The DFO treats all candidates and employees with respect and does not discriminate in our recruiting, hiring, and promoting processes and general treatment during employment, including on the basis of actual or perceived race, creed, color, religion, sex, age, sexual orientation, gender identity and/or expression, alienage or national origin, ancestry, citizenship status, marital status, veteran status, or disability.

First Name

Last Name

Preferred First Name

Country

Phone

Resume/CV

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf

LinkedIn Profile

Website

ELECTRONIC RECORD AND SIGNATURE DISCLOSURE From time to time, Marino Management, LLC and/or its subsidiaries, affiliates, other related entities, successors, and/or assigns (the “Company”, “we” or “us”) may provide you with notices, disclosures, authorizations, acknowledgements, agreements, and other documents. Described below are the terms and conditions for providing to you such documents electronically through the Greenhouse system. Please read the information below carefully and thoroughly, and if you can access this information electronically to your satisfaction and agree to this Electronic Record and Signature Disclosure (“ERSD”), please confirm your agreement by providing your signature below. Getting paper copies At any time, you may request from us a paper copy of any record provided or made available electronically to you by us. [You will have the ability to download and print documents we send to you through the Greenhouse system during and immediately after the signing session and, if you elect to create a Greenhouse account, you may access the documents for a limited period of time (usually 30 days) after such documents are first sent to you.] After such time, if you wish for us to send you paper copies of any such documents, you may request delivery of such paper copies from us by following the procedure described below. Withdrawing your consent If you decide to receive documents from us electronically, you may at any time change your mind and tell us that thereafter you want to receive documents only in paper format. The procedure by which you must inform us of your decision to receive future documents in paper format and withdraw your consent to receive documents electronically is described below. Consequences of changing your mind If you elect to receive documents only in paper format, it will slow the speed at which we can complete certain tasks and deliver certain notices to you because we will first need to send the documents to you in paper format, and then wait until we receive from you your acknowledgment of your receipt of such paper documents. Further, you will no longer be able to use the Greenhouse system to receive documents electronically from us or to sign documents from us electronically. All documents will be sent to you electronically Unless you tell us otherwise in accordance with the procedures described herein, we will provide electronically to you through the Greenhouse system notices, disclosures, authorizations, acknowledgements, agreements, and other documents. If you do not agree with this process, please let us know as described below. Please also see the paragraph immediately above that describes the consequences of your electing not to receive delivery of the documents electronically from us. How to contact us You may contact us to let us know of your changes as to how we may contact you electronically, to request paper copies of certain information from us, and to withdraw your prior consent to receive documents electronically by emailing HR@marinomgmt.com. How to advise us of your new email address To let us know of a change in your email address where we should send documents electronically to you, you must send an email message to us at HR@marinomgmt.com and in the body of such request you must state your previous email address and your new email address. [If you created a Greenhouse account, you may update it with your new email address through your account preferences.] To request paper copies from us To request delivery from us of paper copies of the documents previously provided by us to you electronically, you must send us an email to HR@marinomgmt.com and in the body of such request you must state your email address, full name, mailing address, and telephone number. To withdraw your consent To inform us that you no longer wish to receive future documents in electronic format, you must email us at HR@marinomgmt.com, and in the body of such request you must state your email, full name, mailing address, and telephone number. Required hardware and software The minimum system requirements for using the Greenhouse system may change over time. [The current system requirements are found here: System Requirements for Signing (docusign.com).] Acknowledging your access and consent to receive and sign documents electronically By signing your name below, you confirm that: • You can access and read this Electronic Record and Signature Disclosure; and you can print on paper this Electronic Record and Signature Disclosure, or save or send this Electronic Record and Disclosure to a location where you can print it, for future reference and access; and • Until or unless you notify Marino Management, LLC as described above, you consent to receive through electronic means notices, disclosures, authorizations, acknowledgements, agreements and other documents that are required to be provided or are made available to you by Marino Management, LLC during the course of your relationship with Marino Management, LLC.

LinkedIn Profile

Have you ever been engaged in the recruiting process, spoken to anyone about a role at the Dalio Family Office or Bridgewater Associates, or interviewed for a position?

Select...

If "Yes", please elaborate.

Have you ever worked at or with the Dalio Family Office or Bridgewater Associates in any capacity?

Select...

If "Yes", please elaborate.

How did you hear about the Dalio Family Office?

Through an employee – Who? What is your relationship to them?
Other – How?

Are you, a relative*, partner, or member of your household: currently employed by, having prior employment history with, and/or having any past or present affiliation** with an: asset management firm, asset management consulting firm, institutional investor (e.g., corporate or public pension fund, sovereign wealth fund/central bank, hedge fund of funds or External-Chief Investment Officer, or money management office of an endowment/foundation/family office), a broker or dealer in a trading or sales capacity, or a service provider or outside partner to Bridgewater (only if you are already aware). *Child, stepchild, grandchild, parent, stepparent, grandparent, spouse, sibling, in-law, domestic partnership, or adoptive relationship **Officially attached to or connected to an organization in volunteer, paid or non-paid, in a substantial or consultative fashion, including serving on the board of directors or governance board

Select...

If "Yes" please elaborate including whether your organization has any current interface with Bridgewater or the Dalio Family Office?

Are you legally authorized to work in the US?

Select...

Will you now or in the future require "sponsorship for an immigration-related employment benefit?"

Select...

For purposes of this question, “sponsorship for an immigration-related employment benefit” means “the submission by the Dalio Family Office to U.S. immigration or consular officials of forms or supporting documents requesting approval of:

*an H-1B visa petition,
*an O-1 visa petition,
*an E-3 visa petition,
*TN status,
*any employment-based visa petition on behalf of an individual in F-1, F-2, J-1, L-1, L-2, or any other nonimmigrant visa status, and
*‘job flexibility benefits’ (also known as 1-140 portability or Adjustment of Status portability) for long-delayed adjustment of status applications that have been pending for 180 days or longer.”
(Please ask us if you are uncertain whether you may need sponsorship for an immigration-related employment benefit or desire clarification.)

Consent to Recording *

I Agree

I Do Not Agree

I acknowledge that it is the Dalio Family Office’s (DFO) practice to record phone calls and in-person meetings for training and efficiency purposes. I understand that under Connecticut law, the DFO must obtain written consent from a party before recording any calls with the party. This letter constitutes my consent to the recording of any and all telephone calls or meetings between me and DFO personnel made on or after the date hereof relating to my interest in the DFO.

For purposes hereof, "DFO personnel" means any DFO employee, consultant or other individual contacting me on DFO’s behalf in connection with my interest in the DFO.
By stating "I Agree" and continuing, I acknowledge that I am signing this acknowledgement and consent electronically and agree that such electronic signature will be deemed the equivalent of an original for all purposes. My electronic signature represents that I have read, understand and agree to the terms hereof.

Are you subject to any agreements that may hinder your ability to work (e.g. non-compete)?

Select...

U.S. Standard Demographic Questions

We invite applicants to share their demographic background. If you choose to complete this survey, your responses may be used to identify areas of improvement in our hiring process.

How would you describe your gender identity? (mark all that apply)

Select...

How would you describe your racial/ethnic background? (mark all that apply)

Select...

How would you describe your sexual orientation? (mark all that apply)

Select...

Do you identify as transgender?

Select...

Do you have a disability or chronic condition (physical, visual, auditory, cognitive, mental, emotional, or other) that substantially limits one or more of your major life activities, including mobility, communication (seeing, hearing, speaking), and learning?

Select...

Are you a veteran or active member of the United States Armed Forces?

Select...

Senior DevSecOps Engineer

Apply for this job

U.S. Standard Demographic Questions