DevSecOps Engineer

About the Team

The Platform and Security team ensures that Typeform engineers can build, deploy, and operate services safely and efficiently.

As we scale into AI-powered products, our engineering velocity has increased significantly. New workloads—including model-serving, agent-based systems, and real-time data pipelines—introduce new security challenges that the current team lacks capacity or AI-specific expertise to manage.

This is where you come in: as our DevSecOps Engineer, you’ll embed security into the development lifecycle, enable high-velocity feature delivery, and ensure that new AI capabilities are safe, compliant, and resilient.

Things you will do:

• Embed security into the software development lifecycle, enabling teams to ship features safely at high velocity.
• Partner with engineering and AI teams to assess and mitigate security risks for new AI features, infrastructure, and pipelines.
• Develop and maintain secure CI/CD pipelines, tooling, and automation to support rapid deployment.
• Conduct threat modeling, vulnerability assessments, and code reviews for new services and AI workloads.
• Advise on secure architecture patterns for infrastructure, agent systems, and model-serving environments.
• Implement monitoring, alerting, and incident response practices for critical security events.
• Define best practices, standards, and policies for secure feature delivery across engineering teams.
• Act as the internal security advocate, balancing risk management with product velocity.

What you already bring to the table:

• Several years of experience in DevSecOps, security engineering, or cloud security.
• Deep understanding of security in distributed systems, cloud-native infrastructure, and CI/CD pipelines.
• Knowledge of threat modeling, vulnerability assessment, and incident response practices.
• Experience securing AI/ML workloads, model-serving pipelines, or agent-based systems (or a strong willingness to learn).
• Familiarity with IaC, Kubernetes, and cloud platforms (AWS, GCP, Azure).
• Strong collaborator able to influence engineering teams and embed security practices without slowing development.
• Strong communication skills to explain complex security concepts to non-security teams.

Extra awesome:

• Hands-on experience with AI security, model risk, or prompt injection mitigation.
• Experience in high-velocity SaaS or PLG environments.
• Contributions to open-source security tooling or frameworks.
• Experience implementing automated security testing in CI/CD pipelines for both code and infrastructure.