DevSecOps Engineer

Dev Sec Ops  Engineer

Momnt is an expanding financial technology company specialising in embedded lending and point-of-need consumer financing based in Sandy Springs, GA. We are transforming how merchants provide financing to their customers with our embedded lending platform. Our platform delivers a seamless digital experience that makes financing simple, fast, and affordable, connecting high-quality lenders with merchants, primarily in the home improvement sector, to empower consumers to pay for the things they need.

We’re looking for a hands‑on Dev Sec Ops  Engineer with deep AWS experience, strong AWS CDK skills, and practical experience securing CI/CD pipelines using Git Hub Actions. This person should be comfortable working across AWS infrastructure, Kubernetes, IAM, networking, CI/CD security, Trivy, SAST, DAST, Datadog, automation, monitoring, incident response, and compliance.

Our infrastructure is currently managed through AWS CDK, so strong hands‑on experience with CDK is required. Terraform experience is also strongly preferred, as Momnt may use Terraform for future infrastructure projects.

In a company our size, you won’t just advise from the sidelines. You will be directly involved in building, securing, automating, and improving the systems that support our platform. You’ll own key parts of our infrastructure security posture, cloud environments, CI/CD security, and compliance readiness while working closely with engineering leadership and developers.

If you want a role where you can see the direct impact of your work, have genuine autonomy, and help shape the security culture of a regulated fintech from the ground up, this is it.

Location & Work Authorization:

Key Responsibilities as our DEVSECOPS, you will:

• Own and improve infrastructure as code standards, reusable CDK constructs, deployment patterns, and environment consistency.
• Support future infrastructure as code initiatives using Terraform, if adopted.
• Manage AWS environments across core services such as IAM, VPC, EKS, ECS, Lambda, API Gateway, Cloud Front, WAF, Route 53, S3, RDS, KMS, Secrets Manager, Cloud Watch, Security Hub, Guard Duty, and AWS Config.
• Manage and harden Kubernetes environments, including EKS clusters, container runtimes, workload identities, ingress controls, network policies, and image security.
• Own cloud networking architecture, including VPCs, subnets, routing, security groups, private endpoints, WAF, and zero trust access controls.
• Implement and enforce least‑privilege IAM policies across AWS accounts, services, applications, and CI/CD workflows.
• Build, maintain, and secure CI/CD pipelines using Git Hub Actions.
• Integrate security controls into CI/CD workflows, including Trivy, SAST, DAST, dependency scanning, container image scanning, infrastructure scanning, and secrets detection.
• Use Datadog for logging, monitoring, alerting, dashboards, threat detection, and incident investigation.
• Write and maintain automation scripts in Bash and Python to support AWS operations, CI/CD workflows, vulnerability management, security monitoring, and recurring operational tasks.
• Support shift‑left security by making secure development and deployment practices easy for developers to adopt.
• Manage vulnerability management, patching cadence, and remediation tracking across infrastructure, containers, and application environments.
• Conduct internal security assessments and coordinate external penetration tests and security reviews.
• Respond to security incidents, lead post‑mortems, document lessons learned, and drive remediation.
• Support and maintain compliance programs, including SOC 2 Type II, PCI‑DSS, and relevant financial technology requirements.
• Own evidence collection, control mapping, auditor communication, and compliance documentation.
• Maintain encryption‑at‑rest, encryption‑in‑transit, data residency, and key management standards.
• Partner with legal, product, and engineering teams to assess…