SandboxAQ

Staff DevSecOps & Infrastructure Engineer

Remote, USA Full Time

About SandboxAQ

SandboxAQ is a high-growth company delivering AI solutions that address some of the world's greatest challenges. The company’s Large Quantitative Models (LQMs) power advances in life sciences, financial services, navigation, cybersecurity, and other sectors.

We are a global team that is tech-focused and includes experts in AI, chemistry, cybersecurity, physics, mathematics, medicine, engineering, and other specialties. The company emerged from Alphabet Inc. as an independent, growth capital-backed company in 2022, funded by leading investors and supported by a braintrust of industry leaders. 

At SandboxAQ, we’ve cultivated an environment that encourages creativity, collaboration, and impact. By investing deeply in our people, we’re building a thriving, global workforce poised to tackle the world's epic challenges. Join us to advance your career in pursuit of an inspiring mission, in a community of like-minded people who value entrepreneurialism, ownership, and transformative impact. 

About The Role

The Cybersecurity Group at SandboxAQ is looking for a founding DevSecOps Engineer to build and embed security into our infrastructure and product lifecycle. You will be responsible for functionalizing AQtive Guard, our groundbreaking solution for modern non-human identity and cryptography management. This is a critical role where you will be the first dedicated security engineer on the team, establishing the security foundations for our products that are already launching globally with major organizations.

We’re looking for a hands-on engineer who will champion security best practices across our systems. A successful candidate will be comfortable designing, automating, and maintaining secure infrastructure for both on-premise and cloud environments, including local development environments and full CI/CD pipelines. You will work closely with a diverse team of cryptographers, developers, ML experts, and physicists to deliver novel and secure solutions.

What You’ll Do

  • Design and implement a secure CI/CD pipeline, integrating security testing tools (e.g., SAST, DAST, SCA, and vulnerability scanning) to ensure high-quality, secure deliverables.
  • Automate security processes and controls throughout the software development lifecycle.
  • Work with teams of developers and cryptographers to integrate their advancements into new products, ensuring security is a core component from the design phase.
  • Build and maintain secure, scalable, and fault-tolerant architecture for our cloud (AWS) and on-premise deployments, using Infrastructure as Code (IaC) principles.
  • Lead vulnerability management and remediation efforts, conducting security reviews, risk assessments, and code audits.
  • Develop and maintain security tooling, incident response plans, and concise documentation for our systems and processes.
  • Champion a culture of security by mentoring developers on secure coding practices and security best practices.
  • Contribute to delivering AQtive Guard for FedRAMP compliance.

Who You Are

  • US Citizenship and/or security clearance is required due to USG contract requirements.
  • Strong experience with security best practices and implementing security controls in a cloud-native environment.
  • Strong experience using, building, and securing infrastructure in AWS.
  • Strong experience managing and orchestrating workloads using Docker and Kubernetes.
  • Proven experience defining secure infrastructure and processes as code using Terraform and managing CI systems.
  • Expertise in building and securing large-scale distributed systems.
  • Hands-on experience integrating and managing security tools within CI/CD pipelines.
  • Strong experience with a few scripting languages (e.g., Python, Bash).
  • Ability to work in a small team/rapid prototyping environment and deal with uncertainty and fluidity.

Nice to Haves

  • Experience with compliance frameworks (e.g., SOC 2, ISO 27001, or FedRAMP).
  • Familiarity with configuration management tools such as Ansible or Puppet.
  • Offensive security experience or certifications (e.g., OSCP).
  • Familiarity with Bazel.
  • Familiarity with streaming frameworks, especially Kafka and Kstreams.
  • Experience with enterprise security tooling such as CrowdStrike, Rapid7, or Snyk.

The US base salary range for this full-time position is expected to be $183k-$256k per year. Our salary ranges are determined by role and level. Within the range, individual pay is determined by factors including job-related skills, experience, and relevant education or training. This role may be eligible for annual discretionary bonuses and equity.

SandboxAQ welcomes all.

We are committed to creating an inclusive culture where we have zero tolerance for discrimination. We invest in our employees' personal and professional growth. Once you work with us, you can’t go back to normalcy because great breakthroughs come from great teams and we are the best in AI and quantum technology.
 
We offer competitive salaries, stock options depending on employment type, generous learning opportunities, medical/dental/vision, family planning/fertility, PTO (summer and winter breaks), financial wellness resources, 401(k) plans, and more. 
 
Equal Employment Opportunity: All qualified applicants will receive consideration regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status.
 
Accommodations: We provide reasonable accommodations for individuals with disabilities in job application procedures for open roles. If you need such an accommodation, please let a member of our Recruiting team know.