Raya Logo

Raya

DevSecOps Engineer

Posted 3 Days Ago
Remote
Hiring Remotely in USA
160K-190K Annually
Mid level
Remote
Hiring Remotely in USA
160K-190K Annually
Mid level
Own and harden cloud-native security across AWS/EKS and related systems. Triage and remediate scanner findings, embed security checks into CI/CD and PDLC, collaborate with DevOps and engineering, and expand guardrails to make security native to shipping workflows.
The summary above was generated by AI
We prioritize learning and teamwork and love giving people the opportunity to champion solutions to big challenges and grow into better versions of themselves. A great candidate believes in Raya's vision, which is to enrich lives by fostering relationships through quality, in person interactions. You thrive at the intersection of DevOps and Security, and you're excited to drive measurable impact by hardening our AWS/EKS environment and systematically closing out security findings. 
 

Responsibilities

  • Security Ownership: Drive software engineering security hygiene end-to-end, from identifying vulnerabilities and misconfigurations to implementing durable fixes across our platform. This includes AWS, Kubernetes, CDN/WAF, and other technologies used in the PDLC

  • Cross-Functional Collaboration: Work hand-in-hand with DevOps and Engineering teams to embed security best practices into everyday workflows, without slowing down velocity

  • Continuous Learning: Stay current on evolving cloud security threats, tooling, and best practices, ensuring Raya's infrastructure stays ahead of emerging risks

  • Findings Remediation: Triage, prioritize, and systematically close out security findings, translating scanner output into practical, actionable engineering fixes

  • Operational Excellence: Expand and maintain security checks and guardrails in CI/CD pipelines and the broader PDLC, so security becomes a natural part of how we ship, not an afterthought

Qualifications

  • Strong hands-on experience with AWS and Kubernetes/EKS, comfortable navigating cloud infrastructure and container environments from day one

  • Solid foundation in security fundamentals: vulnerability management, IAM, network security, and cloud security posture management

  • Experience triaging and remediating security findings from vulnerability scanners or cloud security tools

  • Familiarity with CI/CD pipelines and integrating security practices into the software development lifecycle

  • Strong communication skills, able to work effectively with both DevOps and Security stakeholders and translate technical risk into clear priorities

  • Experience with Infrastructure-as-Code (e.g., Terraform/OpenTofu), compliance frameworks, or container security tooling

What Sets You Apart

  • Bridge Builder: You naturally sit at the intersection of DevOps and Security, translating between the two and earning trust from both sides

  • Impact-driven: You prioritize the fixes and improvements that meaningfully reduce risk, rather than chasing every alert

  • Growth-oriented: You possess a perpetual learner's mindset, staying curious about new threats, tools, and cloud-native security practices

  • Ownership mentality: You take findings from discovery to resolution without needing to be chased, and you build systems so problems don't recur

  • Productivity-obsessed: You value tools, workflows, and automation that make security scalable rather than manual

  • Bias toward shipping and iteration: You're able to harden systems incrementally, learn, and refine in short cycles rather than waiting for a "perfect" fix

HQ

Raya Los Angeles, California, USA Office

Raya is centrally located in Los Angeles. Our office is nestled among some of LA's best known sites, including LACMA and the Grove.

Similar Jobs

3 Days Ago
Easy Apply
Remote
United States
Easy Apply
130K-225K Annually
Senior level
130K-225K Annually
Senior level
Artificial Intelligence • Consumer Web • Digital Media • Fintech • Marketing Tech • Software • Financial Services
Lead and build the DevSecOps function: implement SOC 2 controls, automate compliance and evidence pipelines, own cloud security posture, CI/CD security gates, vulnerability management, and AI-assisted auto-remediation to embed security as code across the developer lifecycle.
Top Skills: Ai/LlmAspmCi/CdContainer ScanningCspmDrataIac ScanningIamInfrastructure-As-CodeKey ManagementLoggingMulti-CloudPrisma CloudSastSbomScaSecret ScanningSIEMSnykSoc 2TerraformVantaWiz
Yesterday
In-Office or Remote
105K-231K Annually
Mid level
105K-231K Annually
Mid level
Information Technology • Consulting • Defense
Design, develop, and maintain secure, scalable cloud-native microservices and tools on GCP. Build CI/CD pipelines, deploy/manage GKE and Confidential Compute, integrate APIs (including AI/ML outputs), configure monitoring/logging, perform secure coding and vulnerability remediation, and participate in code reviews and technical documentation.
Top Skills: BashCloud LoggingCloud MonitoringConfidential ComputeContainer RegistriesDockerFirewall RulesGitlab CiGoGoogle Cloud Platform (Gcp)Google Kubernetes Engine (Gke)Infrastructure As Code (Iac)JavaJenkinsKubernetesLoad BalancingOwasp Top 10PythonVpc
7 Days Ago
In-Office or Remote
IN, USA
180K-198K Annually
Senior level
180K-198K Annually
Senior level
Events • Kids + Family • Logistics • Other • Productivity • Software • Database
Own end-to-end security for Campminder: architect and harden identity, access, and cloud-native infrastructure; integrate SAST/DAST/SCA into CI/CD; manage vulnerability scanning, WAF, EDR/DLP and SIEM/XDR; administer secrets and vaults; execute PCI technical controls and ASV scans; harden containers and Kubernetes; coordinate pen tests and remediation; run security awareness training and maintain AI governance.
Top Skills: AsvAuth0Azure Conditional AccessCi/CdContainer SecurityDastDlpEdrImage ScanningKnowbe4KubernetesMfaMondooOktaPciPolicy-As-CodeSaqSastScaSecrets ManagementSecurity JourneySecuritymetricsSIEMVault-Based StorageWafXdrZero Trust

What you need to know about the Los Angeles Tech Scene

Los Angeles is a global leader in entertainment, so it’s no surprise that many of the biggest players in streaming, digital media and game development call the city home. But the city boasts plenty of non-entertainment innovation as well, with tech companies spanning verticals like AI, fintech, e-commerce and biotech. With major universities like Caltech, UCLA, USC and the nearby UC Irvine, the city has a steady supply of top-flight tech and engineering talent — not counting the graduates flocking to Los Angeles from across the world to enjoy its beaches, culture and year-round temperate climate.

Key Facts About Los Angeles Tech

  • Number of Tech Workers: 375,800; 5.5% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Snap, Netflix, SpaceX, Disney, Google
  • Key Industries: Artificial intelligence, adtech, media, software, game development
  • Funding Landscape: $11.6 billion in venture capital funding in 2024 (Pitchbook)
  • Notable Investors: Strong Ventures, Fifth Wall, Upfront Ventures, Mucker Capital, Kittyhawk Ventures
  • Research Centers and Universities: California Institute of Technology, UCLA, University of Southern California, UC Irvine, Pepperdine, California Institute for Immunology and Immunotherapy, Center for Quantum Science and Engineering

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account