DevSecOps Engineer

At Authentic8, we empower organizations to redefine how digital investigations are conducted in an increasingly complex online world. With Silo for Research, our industry-leading solution, we enable secure and anonymous investigations across the surface, deep, and dark web—helping national security, defense, law enforcement, and enterprises uncover critical insights while staying protected. Designed from the ground up with zero-trust principles and built on globally scaled infrastructure, Silo for Research addresses today's toughest cybersecurity challenges, allowing investigators to work smarter, faster, and safer. Trusted by more than 700 customers worldwide, our platform transforms how intelligence work is done. Join us, and be part of a mission to protect and empower those who safeguard our world. From our collaborative teams to our cutting-edge technology, we’re not just building solutions—we’re shaping the future of digital investigations. The DevSecOps Engineer is a front-line member of Authentic8’s Security & Reliability Operations (SRO) team who splits time between two high-tempo arenas: the Integrated Operations Center (IOC)—our real-time “eyes-on-glass” command post, and the broader SRO engineering squad that designs, secures, deploys, and improves the production platform. You will safeguard service availability, security, and compliance by monitoring key dashboards, triaging and resolving incidents, hardening systems, automating away toil, and shipping well-tested code and infrastructure changes. Your daily work embodies the Operations Charter’s tenets of Temet Nosce, Standardization, Automation, Simplicity, and Continuous Improvement, while directly advancing our four Operations Objectives: Platform Reliability; Security & Compliance; Efficiency & Innovation; and Cross-Functional Collaboration. You will join a tight, mission-driven team where cross-training is encouraged, automation is celebrated, and incident response is a practiced discipline. Expect to rotate between proactive monitoring, deep engineering tasks, and project work, gaining broad expertise across both security and reliability domains. This is an individual-contributor role that reports to the DevSecOps Lead (day‑time) and operates under the shared guidance of the Directors of Security Ops & Engineering and Reliability Ops & Engineering. Responsibilities IOC Monitoring & Incident Response: Keep Icinga, Grafana, and LogRhythm dashboards visible and acted upon at all times, detect, triage, and resolve service or security anomalies; lead first‑line response and publish station logs and FLASH/SitRep updates during active incidents. Security Operations: Perform vulnerability scanning, configuration hardening, and security impact assessments (SIA) for planned changes and develop and tune security detection use‑cases; investigate alerts to conclusion. Technical Operations: Execute patching, build‑system management, release deployments, DNS and capacity changes, and routine maintenance windows and own change‑management tickets through CCB approval and post‑deployment verification. Code, Automation & Tooling: Write or enhance infrastructure‑as‑code, CI/CD pipelines, monitoring plugins, and remediation scripts to eliminate toil and follow the SDLC: branch, peer‑review, test in QA, and tag in GitLab before Production rollout. Project & Sprint Work: Deliver project tasks, tuning tickets, and cross‑functional requests in weekly sprints and participate in backlog grooming, sprint planning, retrospectives, and daily SitRep meetings. On‑Call Rotation: Serve as primary/secondary on‑call outside business hours; acknowledge PagerDuty alerts within 15 minutes and drive resolution or escalation. Documentation & Compliance Support: Create/maintain runbooks, SOPs, and system documentation; gather evidence for FedRAMP, SOC 2, PCI‑DSS and other audits. US Citizenship Required Qualifications Bachelor’s degree or equivalent experience. 3 + years hands‑on experience in DevSecOps, SRE, security engineering, or systems reliability roles. Proficiency with Linux (Ubuntu preferred), GitLab, CI/CD, configuration management (Terranova, Chef or similar), and one or more scripting languages (Python, Bash, Ruby). Working knowledge of monitoring/alerting stacks (Grafana, Icinga, Kestrel) and incident platforms (PagerDuty). Familiarity with security frameworks and hardening standards (NIST 800‑53/171, CIS benchmarks, FedRAMP). Clear, concise communicator able to write actionable incident timelines and technical runbooks. Desired Cloud experience with GCP and/or AWS (compute, networking, IAM, security services). Certifications: SECOPS/SRE (GCP Professional DevOps, Linux Foundation KCNA/Kubernetes), Security (CISSP, GCIH), or Cloud/Infra (CKA, RHCE). Prior participation in 24 × 7 operations centers or regulated SaaS environments. Experience building dashboards for SLI/SLO monitoring and error‑budget tracking. Salary Range $110,000 – $140,000 + Bonus & Equity Authentic8 Core Values & Principles Integrity: We apply our best efforts. We are honest with and accountable to others. Mission‑Focused: We clearly define and communicate our goals and do not stray in the pursuit of our objective. Respect: We value and respect the ideas and experience our diverse backgrounds bring us. Positive consideration of differing viewpoints makes us stronger. We are collaborative: We recognize the best work is the product of teams. We must each be reliable and expect to rely on others. We are transparent: By operating with common information and understanding we ensure that we are aligned. We find innovative solutions: We seek innovative solutions not as a buzzword but as a means to solve difficult problems with zeal, efficiency and quality. We take ownership: We are responsible for our actions, our reputation and our business. Authentic8 offers competitive benefits, including medical, dental and vision, flexible PTO, a 401k program & stock options. It is the policy of Authentic8 to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. #J-18808-Ljbffr