DevSecOps Engineer

TrueML

FULLY_REMOTE
FULL_TIME
Lenexa, Kansas
Posted Jun 17, 2026

Description

Why TrueML?

TrueML is a mission-driven financial software company that aims to create better customer experiences for distressed borrowers. Consumers today want personal, digital-first experiences that align with their lifestyles, especially when it comes to managing finances. TrueML’s approach uses machine learning to engage each customer digitally and adjust strategies in real time in response to their interactions. 

The TrueML team includes inspired data scientists, financial services industry experts and customer experience fanatics building technology to serve people in a way that recognizes their unique needs and preferences as human beings and endeavoring toward ensuring nobody gets locked out of the financial system.

\n


What you will do

Position Summary

We are seeking a Sr. Security Engineer to lead the integration of security across the software

development lifecycle (SDLC). This role sits at the intersection of engineering, cloud infrastructure, and

application security, driving automation, scalability, and secure-by-default development practices.

You will design and implement security-first CI/CD pipelines, embed automated security testing, and

partner with engineering teams to ensure applications are built, deployed, and operated securely—at

scale

Key Responsibilities

Security Automation & CI/CD Integration (Core Focus)

• Embed security controls and scanners (SAST, SCA, DAST, IaC, Container Security) into CI/CD

pipelines

(GitHub Actions, Jenkins, GitLab CI, Azure DevOps)

• Design and maintain automated security workflows across build, test, and deploy stages

• Implement security gates, policy enforcement, and compliance checks within pipelines

Cloud Security (AWS Focus)

• Secure cloud-native architectures across AWS (IAM, VPC, ECS/EKS, Lambda, S3, API Gateway)

• Integrate and operationalize CNAPP/CSPM tools (e.g., Wiz, Prisma Cloud)

• Enforce least privilege access, secrets management, and runtime protections

Own Cloud Security: 
Define and maintain security policies for our AWS environment, specifically focusing on containerized workloads (EKS/ECS) and serverless architectures (Lambda).
 
Automate Compliance: Move beyond manual checks by building real-time monitoring and automated remediation for AWS resources, ensuring we stay "audit-ready" for frameworks like PCI and ISO 27001.
 
Lead Threat Modeling: Perform deep-dive threat modeling exercises on applications and designs, turning theoretical risks into actionable engineering plans.
 
Innovate with AI: Stay at the forefront of the industry by developing security standards for Generative AI. You’ll leverage AI-powered tools to explore our attack surface while defending against AI-driven threats.
 
Guard the Infrastructure: Secure our Infrastructure as Code (IaC) templates (Terraform/CloudFormation) and manage cloud primitives like IAM, KMS, and WAF to ensure a "least privilege" environment.
 
 

 


What you bring
  • An Experienced Defender: You bring 7-10 years in software engineering, DevOps, or cloud engineering. 3+ years in a DevSecOps focused role and a deep mastery of cloud security, vulnerability analysis, and incident response.
  • A Cloud Specialist: You have demonstrable expertise in the AWS ecosystem and are highly proficient in securing Infrastructure as Code (Terraform) and containerized environments.
  • Certified and Credentialed: You hold top-tier industry certifications (such as CISSP, SANS GIAC, or CASP) and have a firm grasp of compliance frameworks like PCI and ISO 27001.
  • Technically Versatile: You are familiar with OWASP, proficient with modern security tooling, and have the ability to secure complex API integrations and data protection layers.
  • AI-Aware: You understand the evolving landscape of AI regulations and have the technical curiosity to investigate how threat actors use AI to bypass traditional controls.
  • A Strategic Partner: You are a natural collaborator who can translate complex InfoSec projects into simple, maintainable tasks for Engineering teams.
  • An Elite Communicator: You can propose strategic methodologies

Tags

design
sys admin
infosec
python
education
docker
technical
recruiter
customer support
dev
testing
marketing
travel
devops
javascript
finance
serverless
cloud
api
exec
ops
engineer
digital nomad
Preparing interview guide...

Apply for this Position

Click below to apply directly on RemoteOK. Your application goes straight to the employer.

Job listing provided by RemoteOK

or

About TrueML

Company hiring for Engineering Manager Data Platform

Job Stats

Views7
Applications0

Hiring Across Borders?

Hire this candidate legally in their country without setting up a local entity.

AsianCV may earn a referral fee

Get Paid in USD/EUR

Set up a multi-currency account to receive payments from international employers.