Senior Security Engineer, DevSecOps

Your Impact at Lila

The Senior DevSecOps Engineer will lead the integration of security best practices into our software development and deployment pipelines. This role is responsible for building, maintaining, and optimizing secure, automated, and scalable CI/CD environments across multiple cloud and on-premises infrastructures. The ideal candidate has a strong background in DevSecOps, cloud architecture, and cybersecurity — with a passion for enabling secure, efficient software delivery.

What You'll Be Building

• Secure CI/CD pipelines with build attestations, provenance (SLSA concepts), code signing, SBOM generation, dependency and secret scanning, and container image hardening.
• Infrastructure-as-code security (Terraform/Helm) with policy-as-code guardrails (OPA/Kyverno/Checkov) and drift detection, primarily on AWS.
• Cloud security controls in AWS: IAM least privilege, network segmentation and private endpoints, key/secret management, centralized logging/telemetry, and runtime protections for EKS.
• Kubernetes runtime security: admission controls and policy engines (Kyverno/OPA Gatekeeper), Pod Security Standards, CIS benchmarks, RBAC and Network Policies, and EDR/agent integrations.
• Software supply chain safeguards: artifact signing with Sigstore/Cosign, registry governance, vulnerability management and exceptions, and automated remediation.
• Security embedded in ML/AI and data workflows: secure data movement/storage, encryption and access patterns, lineage, isolation for training/inference, and scanning of ML artifacts/model registries.
• Threat modeling with platform, ML, and lab engineering for AISF components (APIs, orchestration, lab devices/edge gateways) and implementation of mitigations.
• Detection-as-code and response playbooks for cloud and Kubernetes integration with SIEM/SOAR; tuning detections to AISF context.
• Self-service guardrails and “golden paths” (templates, modules, policies) that enable speed with secure defaults and compliance as an outcome.
• Support for audits and evidence collection for SOC 2/ISO 27001, translating controls into engineering artifacts.

What You’ll Need to Succeed

• Certification in Kubernetes Security
• 5–8+ years in Security Engineering/DevSecOps with deep experience across CI/CD (GitHub Actions/GitLab CI/Jenkins), cloud, containers, and IaC (Terraform, Helm/Kustomize); demonstrated ownership of secure-by-default pipelines and production Kubernetes hardening.
• Proficiency with policy-as-code (OPA, Kyverno, Checkov).
• AWS security depth across EKS, IAM, KMS, VPC/PrivateLink, ECR, S3, and logging/monitoring stacks; container security including admission control, RBAC, and network policies.
• Supply chain security experience: SBOMs (CycloneDX/SPDX), image signing (Cosign), and SLSA-aligned provenance; vulnerability and secret scanning (e.g., Trivy/Grype, Dependabot/Renovate).
• Strong coding for automation and tooling in Python or Go, plus bash proficiency; experience integrating cloud/K8s telemetry with SIEM/SOAR and building detections.

Bonus Points For

• Securing ML/AI pipelines (feature stores, model registries, training clusters, inference gateways) and scanning ML artifacts; knowledge of confidential computing/GPU isolation and privacy-enhancing tech.
• Edge/IoT or lab device security (secure gateways, cert provisioning, zero trust patterns) relevant to autonomous labs.
• Experience in regulated/audit-heavy environments (SOC 2, ISO 27001; familiarity with lab quality systems).
• SRE-adjacent skills applied to security controls (observability, reliability, chaos/scenario exercises).
• Prior startup/high-growth experience enabling developer velocity with strong guardrails; advanced supply chain maturity with Sigstore/Cosign and SLSA concepts.
• Experience with at least one modern language (Python, Go, Rust, JavaScript) for automation.

About Lila

Lila Sciences is the world’s first scientific superintelligence platform and autonomous lab for life, chemistry, and materials science.  We are pioneering a new age of boundless discovery by building the capabilities to apply AI to every aspect of the scientific method.  We are introducing scientific superintelligence to solve humankind's greatest challenges, enabling scientists to bring forth solutions in human health, climate, and sustainability at a pace and scale never experienced before. Learn more about this mission at  www.lila.ai

If this sounds like an environment you’d love to work in, even if you only have some of the experience listed below, we encourage you to apply.

Compensation

We expect the base salary for this role to fall between $144,000–$210,000 USD per year, along with bonus potential and generous early equity. The final offer will reflect your unique background, expertise, and impact.

We’re All In

Lila Sciences is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.

A Note to Agencies

Lila Sciences does not accept unsolicited resumes from any source other than candidates. The submission of unsolicited resumes by recruitment or staffing agencies to Lila Sciences or its employees is strictly prohibited unless contacted directly by Lila Science’s internal Talent Acquisition team. Any resume submitted by an agency in the absence of a signed agreement will automatically become the property of Lila Sciences, and Lila Sciences will not owe any referral or other fees with respect thereto.