DevSecOps Engineer

Roadie, a UPS Company, is a logistics management and crowdsourced delivery platform. Founded in 2014, Roadie offers businesses fast, flexible and asset-light logistics solutions for last-mile delivery. Roadie enables local delivery to more than 95% of U.S. households by providing access to more than 200,000 independent drivers nationwide – allowing businesses to offer their customers delivery optionality for almost any industry, from airlines to artisans.

Under the supervision of the Head of TechOps, reporting to the Information Security team, the DevSecOps Engineer is responsible for supporting and implementing all aspects of secure SDLC, including patching vulnerabilities in libraries, code, and conducting security audits. You will work closely with our development, operations, and security teams to ensure that our cloud infrastructure and Kubernetes deployments are secure, scalable, and efficient. Your primary responsibility will be to integrate security practices into the CI/CD pipeline, automate security tasks, and ensure compliance with industry standards.

What You’ll Do

• Work cross-functionally with the InfoSec, SRE, and Engineering teams
• Keep up to date with current vulnerabilities in the DevOps space, patch, mitigate, or procure acceptance of the vulnerability by InfoSec standards
• Check code and repositories for insecure coding practices and work with Engineering teams to remediate
• Work closely with InfoSec to create and maintain Secure SDLC training
• Conduct security based quality assurance on pre-deployment packages, and seek approval or denial of those deployments based upon security findings
• Conduct security based quality assurance such as dynamic and static code testing
• Work closely with Compliance and Engineering teams to conduct pre-project risk assessments
• Implement security checks and practices within CI/CD pipelines to ensure secure code deployment and infrastructure
• Develop automation scripts and tools to streamline security processes, including vulnerability scanning, patch management, and incident response
• Conduct security training and awareness programs for engineering teams to promote a security-first culture

What You Bring

• Bachelor's Degree in Computer Science/Engineering, or related work experience
• 3+ years devops or development experience in an enterprise environment
• 1+ years security, risk, or compliance experience
• Strong knowledge of security tools and best practices, including vulnerability scanning (e.g., Nessus, Qualys), SAST/DAST, and container security tools
• Proficiency with scripting and automation languages, especially IaC such as Terraform, Crossplane, etc
• Experience with various development methodologies, tools, and CI/CD tools such as Bitbucket, Gitlab, Github, Circle CI, Travis CI, Argo CD, Azure DevOps
• Security and DevOps certifications strongly preferred

Why Roadie? 

• Competitive compensation packages 
• 100% covered health insurance premiums for yourself
• 401k with company match
• Tuition and student loan repayment assistance (that’s right - Roadie will contribute directly to your existing student loans!) 
• Flexible work schedule with unlimited PTO 
• Monthly 3-day weekends
• Monthly WFH stipend 
• Paid sabbatical leave - tenured team members are given time to rest, relax, and explore
• The technology you need to get the job done