DevSecOps Engineer

About The Role

As the Staff Dev Sec Ops  Engineer, you will be the technical owner of how security is built into Trase's software development lifecycle and cloud operations. You will integrate automated security testing, continuous vulnerability management, and secure coding practices directly into our existing CI/CD pipelines, where the cost of catching misconfigurations and vulnerabilities is lowest and the blast radius is smallest.

You will own the implementation of Trase's dedicated security architecture, delivering shift-left tooling (SAST, DAST, SCA, secrets scanning, and IaC scanning) alongside production cloud security services and resources, all deployed through infrastructure-as-code. By standardizing and operating these secure pipelines, you will empower Trase's software engineers to focus on high-velocity delivery while ensuring that we maintain the controls and capabilities required by our customers and regulators.

Trase ships mission‑critical agentic applications into Healthcare, Oil & Gas, and National Security at the pace of a startup, under the scrutiny of a defense contractor. Our engineering velocity and the speed at which we deploy highly‑regulated workloads is one of our core advantages.

To preserve that velocity while maintaining customer trust and assurance, we must ensure that security is seamlessly and inextricably linked to delivery — and never bolted on after the fact.

This role exists to build upon our foundation and mature the ways in which we've embedded security throughout our pipelines and operations. It is a continued investment in our CI/CD security tooling, production cloud security architecture, detection and response capabilities, and the IaC patterns that make secure‑by‑default the path of least resistance for every Trase engineer.

• Design, implement, and operate the shift‑left security toolchain across Trase's CI/CD pipelines, which include but are not limited to SAST, DAST, SCA, secrets scanning, container image scanning, and IaC scanning.
• Define how findings are triaged, routed, and remediated; partner with engineering teams to keep developer experience high and friction low.
• Establish and enforce policy‑as‑code and pre‑merge security gates calibrated to risk.

• Design and deploy Trase's production cloud security architecture, with a primary focus on Google Cloud Platform (GCP) and a clear path to multi‑cloud as the business requires.
• Implement foundational controls including network segmentation, workload identity, secrets management, encryption (in transit and at rest), and least‑privilege IAM using both cloud‑native services and third‑party applications or platforms.
• Stand up and operate cloud security posture management (CSPM) and cloud workload protection capabilities.

• Build, codify, and maintain the secure‑by‑default infrastructure modules in Terraform, consumed by every Trase engineer.
• Embed security controls directly into platform abstractions so that the secure path is the default path.
• Drive secure baselines for Kubernetes, container runtimes, and serverless workloads.

• Operate and fine‑tune Trase's SIEM and security telemetry pipeline, designing log sources, detections, and alerting workflows from the ground up.
• Define detection‑as‑code practices and tune detections to balance signal and noise.
• Build dashboards and reporting that give the security team and leadership real‑time visibility into the live posture of the environment.

• Enhance and lead aspects of Trase's technical security incident response capability, including runbooks, on‑call rotation design, tabletop exercises, and post‑incident reviews.
• Serve as a senior responder during security events, coordinating across stakeholder groups and the broader enterprise.

• Operate the end‑to‑end vulnerability management lifecycle across application, container, and cloud surface area.
• Facilitate remediation SLAs, partner with engineering to drive them, and report on progress to leadership.

• Partner…