DevSecOps Engineer

(3 month Project, with potential ongoing advisory support)

We are looking for a DevSecOps Engineer with 3+ years of experience to help audit, strengthen, and improve the security posture of a small but growing SaaS platform serving nonprofit and corporate clients.

OVERLAP 14:00–16:00 Mountain Time (MT)

This role is security-first, with DevOps responsibilities as a secondary layer. The main goal is to assess the current infrastructure, identify security and compliance gaps, and implement a practical roadmap to improve the platform’s overall resilience, compliance readiness, and long-term sustainability.

Project scope: — Initial security and infrastructure audit — Identify risks, vulnerabilities, and operational gaps — Build and prioritize a remediation roadmap — Implement key improvements over a 2–3 month engagement — Potential for ongoing periodic security reviews and advisory support afterward

Current stack / environment: — Git — GitHub Actions — Docker — AWS — Render

What you will do: — Audit the current cloud and application setup from a security and DevSecOps perspective — Review infrastructure, deployment processes, DNS configuration, access controls, and backup/disaster recovery practices — Identify gaps related to SOC 2 readiness and help prepare for stronger enterprise security expectations — Assess security controls around CI/CD, secrets management, container images, user access, and production environments — Review existing vulnerability scanning practices and recommend improvements, including dynamic scanning where needed — Help define and implement practical controls such as firewalling, hardening, monitoring, least-privilege access, and security hygiene improvements — Investigate risks related to DNS, exposed services, stale records, misconfigurations, and other overlooked infrastructure issues — Support the team in creating a sustainable, right-sized security approach for a small organization without overengineering — Translate findings into an actionable roadmap with clear priorities, balancing risk, cost, and implementation effort — Help improve confidence in responding to enterprise security questionnaires from large corporate clients

What we are looking for: — 3+ years of hands-on experience in DevSecOps, DevOps with a strong security focus, or cloud/infrastructure security — Strong experience with AWS and cloud security best practices — Experience with GitHub Actions, CI/CD security, Docker, and container/image scanning — Experience reviewing and securing hosted platforms, including PaaS environments such as Render or similar — Solid understanding of IAM/access control, secrets management, DNS security, backups, disaster recovery, and infrastructure hardening — Experience identifying and remediating security gaps in small or mid-sized SaaS environments — Familiarity with SOC 2 controls and general compliance-oriented security practices — Ability to recommend pragmatic, cost-conscious solutions for a small team — Strong communication skills and ability to explain risks, tradeoffs, and priorities clearly to non-security stakeholders — English level: B2 minimum