The Senior DevSecOps Engineer will enhance security for a high-transaction production platform, managing compliance and automating processes while collaborating with development teams.
About Wyllo
About the Role
You will
You have
Working at Wyllo
Wyllo is a CX-first, end-to-end risk intelligence platform that helps ecommerce merchants manage fraud, policy abuse, and customer experience across the entire commerce lifecycle. By combining identity signals with behavioral intelligence, Wyllo enables merchants to better understand shopper intent and make smarter decisions across checkout, returns, refunds, and customer support. Wyllo works with leading ecommerce brands and integrates directly into the platforms where merchants manage orders and customer interactions. Learn more at www.wyllo.ai
About the Role
We're hiring a Senior DevSecOps Engineer to own the security posture of a production platform that processes millions of real-time transactions for thousands of merchants. You'll report to the Director of DevOps & SecOps and work alongside a small, high-trust infrastructure team.
This is a senior individual contributor role with real scope. You'll drive our PCI DSS 4.0 program end to end — not only the evidence collection, but the architectural decisions that determine what evidence we need to collect in the first place. You'll own our SOC 2 continuous monitoring. You'll decide how security gets enforced in our CI/CD pipelines in a way that keeps developers moving rather than routing around you. Because we handle payment data in a fraud-prevention context, the security work here has an unusually short path to business risk — weak controls don't just invite auditors, they put customer trust on the line.
You'll own the full container security architecture and make the design decisions that shape how we scan at build time and protect workloads at runtime. You'll push compliance automation until evidence is a byproduct of how our systems run, not a quarterly project. You'll evaluate security tooling for this environment and bring a point of view on what we should commit to next. And you'd be a primary voice in how we interpret and meet PCI DSS 4.0's newer requirements — the ones that demand engineering judgment, not just checkbox compliance.
You will
Our stack is primarily AWS, heavily Terraform-managed, with workloads running across a mix of compute services and a container orchestration migration underway. We run multiple CI/CD systems, centralized secrets management, and modern observability and security monitoring across the platform. We're opinionated about Infrastructure-as-Code; we're less opinionated about which specific tools solve a given problem, and we expect the person in this role to bring a point of view on what we should standardize on next.
This is a team that takes security seriously and has built real infrastructure around it — you'd be joining to raise the bar further, not to start from scratch. PCI DSS 4.0 introduces requirements that demand engineering judgment, not just checkbox compliance, and we're looking for someone who can help us interpret what those mean for our specific environment.
You've spent six or more years securing production cloud environments — the specifics matter less to us than the trajectory: did the problems get harder, did your ownership grow, and can you point to outcomes that mattered? You're fluent in Terraform and AWS at the level where IAM policy decisions come from experience, not from re-reading the docs each time — the kind of fluency you get from having cleaned up a bad VPC peering mistake, not from passing a certification exam. You write Python and Bash well enough that when you see a manual process, your instinct is to automate it before the third time you do it. You've led at least one compliance implementation — PCI, SOC 2, HITRUST, FedRAMP; the shape of the work matters more than the specific framework — and you came out of it knowing which controls actually reduced risk in your environment and which ones existed only to satisfy an auditor who would never check twice.
We care a lot about how you think about the engineering relationship. Security people who treat developers as adversaries don't fit here. When a developer routes around a security control here, your first question should be what made the control annoying enough to dodge — not how to lock the bypass down harder. Good communication is a real part of the job — you'll spend meaningful time with auditors, with leadership, and with engineers who don't think about security full-time, and moving between those audiences is work we need you to do well.
Experience in payments, fraud prevention, or any regulated-data domain is a plus. Certifications are not required; we evaluate on what you've built and how you reason about trade-offs.
We’re a high-performing team that is passionate about fraud and a community driven by values that shape everything we do. We seek passionate and dedicated individuals who align with our core principles; Integrity, Pride, Humility and Impact.
- Integrity: We do the right thing, even when it’s tough, and even if no one sees it. We always consider the customer’s best interest in every decision we make.
- Pride: We know that the work we do is important, and we take great pride in doing it well. We show up every day with the best intentions, ready to deliver superb outcomes for our team, our customers, and ourselves.
- Humility: We leave our egos at the door, approaching problems as a team, with openness and collaboration. We’re willing to be wrong in order to get things right.
- Impact: We are results-oriented, we take ownership, and we hold ourselves accountable to get things done and deliver results.
If you are excited to collaborate in a fast-paced, purpose-driven environment where your contributions truly matter, we’d love to have you join us!
Equal Employment Opportunity
Wyllo LLC provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics, sexual orientation, political affiliation, military veteran status, domestic violence victim status, or any other protected characteristic under applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Similar Jobs
Artificial Intelligence • Machine Learning • Software • Defense
The DevOps Engineer will manage build and deployment automation, improve platform health, and develop self-service tools while ensuring robust DevOps practices with AWS.
Top Skills:
AWSBashCi/CdDatadogDockerElasticsearchOpensearchPulumiPythonTerraform
Software
The Senior DevOps Engineer will manage and improve infrastructure, automate deployment processes, and ensure security and reliability for cloud-based platforms.
Top Skills:
AnsibleAWSBashCloudFormationDatadogDockerEcsGithub ActionsGitlabGoGrafanaPrometheusPythonTerraform
Events • Kids + Family • Logistics • Other • Productivity • Software • Database
The Senior DevOps Engineer will align the DevOps platform with modern practices, automate pipelines, mentor engineers, and integrate AI tooling across the organization.
Top Skills:
.Net FrameworkAICi/CdDevOpsJavascript FrameworkKubernetesTerraform
What you need to know about the Los Angeles Tech Scene
Los Angeles is a global leader in entertainment, so it’s no surprise that many of the biggest players in streaming, digital media and game development call the city home. But the city boasts plenty of non-entertainment innovation as well, with tech companies spanning verticals like AI, fintech, e-commerce and biotech. With major universities like Caltech, UCLA, USC and the nearby UC Irvine, the city has a steady supply of top-flight tech and engineering talent — not counting the graduates flocking to Los Angeles from across the world to enjoy its beaches, culture and year-round temperate climate.
Key Facts About Los Angeles Tech
- Number of Tech Workers: 375,800; 5.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Snap, Netflix, SpaceX, Disney, Google
- Key Industries: Artificial intelligence, adtech, media, software, game development
- Funding Landscape: $11.6 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Strong Ventures, Fifth Wall, Upfront Ventures, Mucker Capital, Kittyhawk Ventures
- Research Centers and Universities: California Institute of Technology, UCLA, University of Southern California, UC Irvine, Pepperdine, California Institute for Immunology and Immunotherapy, Center for Quantum Science and Engineering
