Senior DevSecOps Engineer

Senior DevSecOps Engineer

About us

Hyperproof is on a mission to transform the Governance, Risk, and Compliance (GRC) world with a powerful new software platform.  With Hyperproof, companies can save time and money while also operating their programs at a much higher level of effectiveness and accountability.  We envision a world where organizations we depend on are truly trustworthy - and Hyperproof is the platform that will get them there.

We have a great team and culture - picture yourself in a highly collaborative startup environment where you can make a real impact on something truly important. It’s an exciting time to be at Hyperproof; we raised our Series B round in 2023, validating our teamwork and company vision, and we continue to grow rapidly. 

As we continue to grow, we are seeking a talented Senior DevSecOps Engineer to join our team and lead our efforts in supporting our multi-region, FedRAMP-authorized infrastructure.

WHO YOU ARE:

You are a seasoned Senior DevSecOps Engineer with a passion for ensuring the reliability, scalability, and security of cloud-based infrastructure. You thrive in dynamic environments and possess a deep understanding of Azure technologies. Your expertise in DevOps methodologies and security practices, and federal compliance standards makes you an invaluable asset to any team.

You excel at collaborating with cross-functional teams and are dedicated to driving innovation and continuous improvement. You understand that compliance and developer velocity are not opposing forces — and you know how to architect systems that deliver both.

WHAT YOU WILL DO:

As a Senior DevSecOps Engineer, you will lead the management and optimization of Hyperproof's Azure-based infrastructure across commercial and FedRAMP regions. Your responsibilities will include:

• Develop and execute DevOps strategy tailored to all Hyperproof regions, including our FedRAMP-authorized environments.
• Own and evolve our Terraform/Terragrunt IaC pipeline for multi-subscription promotion, including continuous monitoring
• Architect secure, scalable platform infrastructure including GitHub Actions, GitLab, and ADO CI/CD pipelines with security gates, Kubernetes environments, observability systems, and compliance automation that enables developer  velocity while maintaining continuous compliance posture.
• Support FedRAMP authorization activities: contribute to SSP documentation, NIST 800-53  control implementations, 3PAO coordination, and readiness assessments while establishing  repeatable processes.
• Lead the design and security implementation of our Seattle-based on-premise build/test platform. You will ensure that physical hardware configurations (firmware, networking, and storage layout) maintain parity with our Azure Kubernetes Service (AKS) patterns while meeting strict SOC 2 compliance standards for local developer workflows.
• Establish security and compliance architecture patterns across encryption, network  segmentation, secrets management, supply chain security, and incident response.
• Drive technical decisions and technology selection for cloud platforms, compliance tooling, and security controls.
• Mentor and raise the technical bar across engineering teams through architecture reviews,  design discussions, and establishing FedRAMP best practices.
• Partner with security, product, and business leadership to translate federal customer  requirements into technical architecture and deliver measurable improvements in security  posture and operational efficiency.
• Monitor, triage, and remediate CVEs and security vulnerabilities across infrastructure,  container images, and dependencies — maintaining compliance with FedRAMP continuous monitoring requirements.

WHAT YOU WILL BRING:
Required:

• U.S. citizenship, residing and working from within the United States.*
• BS in Computer Science, Engineering, or a related field (or equivalent  experience).
• 5+ years of extensive experience in SRE, DevSecOps or Platform engineering roles, with a focus on managing  Azure-based infrastructure.
• Demonstrated knowledge and interest in applying AI technologies towards fully or partially automating compliance & security workflows
• Strong programming skills (Python, Bash, Go, or Node.js) and demonstrated ability to drive complex technical initiatives from architecture through production.
• Expertise in modern platform technologies: Kubernetes security, infrastructure-as-code (Terraform/Terragrunt), GitOps (Helm/ArgoCD/Flux), Ansible, CI/CD security, observability systems, and secrets management.
• Familiarity with compliance standards and regulations, particularly NIST 800-53 and  FedRAMP.
• Excellent communication and collaboration skills, with the ability to work effectively in  a cross-functional team environment.
• A positive attitude and a willingness to learn, adapt, collaborate, and grow in a dynamic  environment.
  

Preferred:

• Experience contributing to FedRAMP authorization efforts (Moderate or High), including SSP documentation, control implementation, or 3PAO coordination.
• Experience with Azure networking, and security boundaries.
• Experience with compliance automation, supply chain security (SBOM, image signing), or secrets management at scale.
• Professional certifications: CISSP, Azure Security Specialty, CKS, or equivalent.
• Familiarity with CMMC, OSCAL, or compliance-as-code practices.
• Experience with vulnerability scanning and remediation tooling (e.g., Trivy, Snyk, Qualys, or Defender for Cloud).
• Advanced degree in Computer Science or related field, or equivalent experience architecting secure, compliant platforms at scale.

LOCATION

Fully remote within the Seattle area; available to work until 6pm Pacific on a daily basis.

CANDIDATE EXPERIENCE

We respect your time and aim for transparency throughout the interview process. You can expect:

• A 30-minute initial chat with our Principal People & Talent Partner.
• A Take Home Assessment, which you will work on within GitHub.
• Three 60-minute 1:1 interviews with members of our engineering team, one of them who will be the hiring manager.

This process allows both parties to ask questions and gauge fit for the team.
*Due to the nature of the work and participation in federal security and compliance programs, U.S. citizenship is required as a bona fide occupational qualification in accordance with federal government security and compliance regulations. This role requires physical presence within the United States while working — access to FedRAMP-authorized  environments from outside U.S. borders is not permitted.