Director of DevOps​/SecOps

DIRECTOR OF DEVOPS/SECOPS

ABOUT SERVICECORE

Service Core is the leading field service software platform built for the portable sanitation and roll-off industries. We run two SaaS products - Service Core for liquid waste operators (portable sanitation & septic) and Docket for solid waste haulers (roll-off dumpster, commercial & residential waste) - serving thousands of operators across North America. Our software helps hardworking business owners save time, stay organized, and get paid faster by streamlining job management, route optimization, inventory tracking, and billing automation.

Our customers work hard, and so do we-giving them tools to get more done with less stress.

We live by our core values of Love Our Customers, Be Real, Give a Shit, Deliver Results and of course Keep it Fun. Service Core provides hard-working individuals the opportunity to work and grow within an agile, fast-paced start-up environment. We are proud of our accomplishments and take our jobs seriously while not taking ourselves too seriously. We believe in growing together, celebrating successes, and empowering each team member to make a real impact.

We build big things, help hard-working people, and try to enjoy the journey. If that sounds like your kind of place, read on.

ABOUT

THE ROLE

We're looking for a Director of Dev/Sec Ops to own the security posture and operational foundation across Service Core's entire cloud environment. This is a security-first leadership role - you'll be the person who makes sure we build and ship software the right way: securely, reliably, and at speed.

You'll be operating across two distinct cloud platforms:
Service Core runs on AWS, while Docket runs on GCP with Firebase at its core. That means you're not just securing one stack - you're building a unified security program across two cloud providers, two codebases, and 20+ third-party integrations.

We're also an AI-first development organization, and that creates a genuinely new set of responsibilities for this role. We're already using a wide range of AI tools across engineering; you'll be the person who governs that toolchain: helping us evaluate what to adopt, setting the policies that protect our customers' data, and making sure our AI usage doesn't become a security liability as we scale.

This role reports to senior leadership and owns the security roadmap end-to-end. It's a builder role - you'll inherit a solid foundation and have the mandate to make it great.

WHAT YOU'LL DO

AI Tool Governance & Security

* Partner with the AI Council and Engineering Directors to build our AI tool evaluation framework - define the security, privacy, and compliance criteria we use to assess every new AI tool before adoption

* Govern our multi-LLM provider relationships - review data processing agreements, audit data retention policies, and ensure contractual protections for customer data

* Establish and enforce policies around what data can flow through AI services: PII boundaries, source code confidentiality rules, and customer data handling requirements for coding assistants, LLM APIs, and agentic tools

* Secure MCP-connected agents that have access to internal systems - define least-privilege access models, audit trails, and data egress controls

* Define secure patterns for integrating LLM capabilities into our products - prompt injection defenses, output validation, model access controls, and logging/observability for AI-driven features

* Build and maintain an AI tool inventory with risk classifications; lead periodic reviews as the landscape evolves

* Partner with engineering and product to help us get the productivity benefits of AI without creating new risk exposure

Security Leadership

* Own and continuously improve our security posture across AWS and GCP/Firebase

* Lead threat modeling, vulnerability management, and security incident response programs

* Establish and enforce security policies, standards, and controls across the full SDLC

* Champion a security-first engineering culture - make secure the path of least resistance for developers

* Manage relationships with external auditors, penetration testers, and compliance bodies

Compliance & Risk

* Drive and maintain SOC 2 Type II compliance; own evidence collection and audit processes across both platforms

* Manage PCI-DSS considerations across payment processor integrations

* Build and maintain a risk register; proactively surface and prioritize risks to leadership

* Own third-party vendor security reviews across our 20+ integration partners - including AI vendors

* Monitor regulatory developments relevant to SaaS, AI, and the industries we serve

Dev Ops & Platform Engineering

* Secure CI/CD pipelines across both cloud environments - secrets management, dependency scanning, SAST/DAST

* Lead infrastructure-as-code strategy and ensure security guardrails are built in by default

* Own cloud security architecture

* Secure Cloudflare CDN/WAF configuration, DDoS posture, and DNS hygiene

* Drive incident response readiness: runbooks,…