Senior DevSecOps Engineer


<h2>About Us</h2><p style="min-height:1.5em">We’re a startup with big ambitions: to make estate planning modern, visual, and intelligent. <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.justvanilla.com/"><u>Vanilla</u></a> is the first AI-powered estate advisory platform, built by advisors, planners, and attorneys to transform how wealth is transferred across generations. Our technology unifies scenario modeling, client visualization, and document creation into one seamless, digital experience.</p><p style="min-height:1.5em">Our team brings together diverse subject matter expertise across estate planning, wealth management, and scaling SaaS startups. We’re distributed across the U.S., with a mix of fully remote and hybrid roles, and we embrace flexibility while staying closely connected. At Vanilla, you’ll join curious builders and problem-solvers who thrive on speed, autonomy, and impact. Here, you won’t just join a company, you’ll help create it. If you’re excited to tackle hard problems, move quickly, and see your work shape both an industry and a growing startup, we’d love to meet you.</p><p style="min-height:1.5em"></p><h1><strong>Working Location</strong></h1><p style="min-height:1.5em"><strong>This role is a remote position, you must be based out of one of the following states: </strong>Arizona, California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Kentucky, Maine, Massachusetts, Minnesota, New Jersey, New York, Ohio, Pennsylvania, Texas, Utah or Washington.</p><p style="min-height:1.5em"></p><h1><strong>Job Summary</strong></h1><p style="min-height:1.5em">We’re looking for a Senior DevSecOps Engineer to own and operate our security tooling, manage key vendor relationships, and drive our application and cloud security programs forward. 
This is a hands-on, high-ownership role: you’ll be the day-to-day operator of our security stack, the point person for our vCISO engagement, and the engineer building the processes that keep Vanilla’s platform and infrastructure secure.</p><p style="min-height:1.5em">You’ll also own the operational cadence of our security program: managing vendor-led pen tests, running tabletop exercises, maintaining our incident response playbook, and building a multi-quarter security roadmap.</p><p style="min-height:1.5em">This role is ideal for a strong DevOps or infrastructure engineer who is security-minded, eager to own a security program, and comfortable operating in a fast-moving Series B environment. You’ll report to the Director of Engineering and collaborate closely with our vCISO (Latacora) and external partners.</p><p style="min-height:1.5em"></p><h1><strong>Responsibilities</strong></h1><p style="min-height:1.5em"><strong>Cloud & Infrastructure Security</strong></p><ul style="min-height:1.5em"><li><p style="min-height:1.5em">Secure AWS infrastructure, systems, and networking</p></li><li><p style="min-height:1.5em">Review infrastructure-as-code (Terraform) changes for security implications</p></li><li><p style="min-height:1.5em">Support secrets management, IAM policy reviews, and encryption standards</p></li><li><p style="min-height:1.5em">Triage and respond to cross-team IT requests that carry security implications</p></li></ul><p style="min-height:1.5em"><strong>Security Operations & Tooling</strong></p><ul style="min-height:1.5em"><li><p style="min-height:1.5em">Operate and tune security tooling including SentinelOne (EDR), Sublime (email security), Panther (SIEM), and Cloudflare</p></li><li><p style="min-height:1.5em">Monitor and triage security alerts across dedicated channels</p></li><li><p style="min-height:1.5em">Serve as the primary responder for cross-team security requests</p></li></ul><p style="min-height:1.5em"><strong>Vendor & Program 
Management</strong></p><ul style="min-height:1.5em"><li><p style="min-height:1.5em">Manage the vCISO relationship, including coordinating on cloud security posture, endpoint coverage, and SOC 24x7 operations</p></li><li><p style="min-height:1.5em">Own the annual penetration test lifecycle: vendor selection, scoping, coordination, remediation tracking, and reporting</p></li><li><p style="min-height:1.5em">Scope and coordinate AI red team engagements</p></li><li><p style="min-height:1.5em">Run tabletop exercises and maintain the incident response playbook</p></li><li><p style="min-height:1.5em">Build and maintain a multi-quarter security roadmap in partnership with engineering leadership</p></li></ul><p style="min-height:1.5em"><strong>Application Security</strong></p><ul style="min-height:1.5em"><li><p style="min-height:1.5em">Own and evolve pre-deploy security gates across CI/CD pipelines</p></li><li><p style="min-height:1.5em">Run vulnerability management for libraries and application code: scanning, prioritization, and remediation workflows</p></li><li><p style="min-height:1.5em">Conduct threat modeling for new features, integrations, and architecture changes</p></li><li><p style="min-height:1.5em">Champion secure coding practices across engineering teams</p></li></ul><p style="min-height:1.5em"><strong>AI Security</strong></p><ul style="min-height:1.5em"><li><p style="min-height:1.5em">Scope and coordinate AI red team exercises against Vanilla’s AI-powered features</p></li><li><p style="min-height:1.5em">Assess security of AI/ML pipelines, inference endpoints, and third-party AI vendor integrations</p></li><li><p style="min-height:1.5em">Implement and maintain guardrails for AI outputs, including controls against prompt injection and data exfiltration</p></li><li><p style="min-height:1.5em">Establish data governance practices for sensitive training data (PII/PHI in estate and financial documents)</p></li></ul><p style="min-height:1.5em"></p><h1><strong>What This 
Role Is Not</strong></h1><p style="min-height:1.5em">This role is focused on infrastructure and security engineering, not compliance or customer trust. SOC 2, security questionnaires, and audit documentation sit elsewhere in the org.</p><p style="min-height:1.5em"></p><p style="min-height:1.5em"><strong>Required Qualifications</strong></p><p style="min-height:1.5em"><strong>Must Have</strong></p><ul style="min-height:1.5em"><li><p style="min-height:1.5em">Hands-on AWS experience: infrastructure, networking, and cloud security posture</p></li><li><p style="min-height:1.5em">Experience with infrastructure-as-code (Terraform or CloudFormation)</p></li><li><p style="min-height:1.5em">Strong understanding of IAM, network security, encryption, and secrets management</p></li><li><p style="min-height:1.5em">Hands-on vulnerability management experience: scanning, triage, remediation workflows</p></li><li><p style="min-height:1.5em">Experience with threat modeling, secure code review, and CI/CD security gating</p></li><li><p style="min-height:1.5em">Strong scripting and automation skills (Python, Bash, or similar)</p></li></ul><p style="min-height:1.5em"><strong>Nice to Have</strong></p><ul style="min-height:1.5em"><li><p style="min-height:1.5em">Experience operating security tooling: EDR, SIEM, email security, WAF, or similar</p></li><li><p style="min-height:1.5em">Familiarity with SentinelOne, Sublime, Panther, or Cloudflare specifically</p></li><li><p style="min-height:1.5em">Prior incident response or tabletop exercise facilitation</p></li><li><p style="min-height:1.5em">Exposure to AI/ML security: LLM risks, securing inference endpoints, or data privacy in ML contexts</p></li><li><p style="min-height:1.5em">Experience in fintech, wealthtech, or other regulated industries</p></li><li><p style="min-height:1.5em">Familiarity with supply chain security<br></p></li></ul><p style="min-height:1.5em"><em>The salary range for this role is $180,000 to $210,000.
Our compensation packages also include a performance-based bonus and equity. Compensation is based on a number of factors and may vary depending on job-related knowledge, skills, and experience.</em></p><p style="min-height:1.5em"></p><h2>Benefits:</h2><ul style="min-height:1.5em"><li><p style="min-height:1.5em">Flexible paid time off policy and 10 company-wide paid holidays </p></li><li><p style="min-height:1.5em">Parental leave, 6 weeks for all full-time employees and up to 14 weeks for birthing parents</p></li><li><p style="min-height:1.5em">Medical, dental, and vision benefits coverage for employees and their families </p></li><li><p style="min-height:1.5em">401K eligibility after one month of employment</p></li><li><p style="min-height:1.5em">Free estate planning documents</p></li><li><p style="min-height:1.5em">Budget for learning & development and home office setup </p></li><li><p style="min-height:1.5em">Paid parking or transit for hybrid and in office employees </p></li></ul><p style="min-height:1.5em"></p><p style="min-height:1.5em"><em>Vanilla Technologies Inc. (dba "Vanilla") provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. </em></p><p style="min-height:1.5em"><em>Vanilla participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. </em></p>


Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities was to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...