DevSecOps Engineering Specialist

This role is for the security engineer who builds the fortress before the first tenant moves in.

Why This Role Exists

Muse serves clients whose security requirements are measured against DoD-level standards. The DevSecOps Specialist will establish and maintain the secure infrastructure backbone for a private creator platform that requires enterprise-grade data sovereignty and zero-trust security protocols. This role manages the entire security lifecycle, from hardening the CI/CD pipeline and implementing infrastructure-as-code to ongoing vulnerability assessments, coordinating penetration tests, and planning incident responses.

You will embed security practices throughout the development workflow, ensuring rapid feature deployment without compromising the privacy and protection standards demanded by high-visibility users. You are expected to leverage AI tooling to amplify your effectiveness across security automation, threat detection, and infrastructure management, while retaining complete control over security architecture decisions.

What You Will Do

Own the security posture of the platform. Establish zero-trust architecture principles, secrets management, network segmentation, and least-privilege access controls from the ground up.
Harden the CI/CD pipeline. Implement automated security scanning (SAST/DAST, dependency scanning, container image scanning) integrated into the development workflow.
Build infrastructure-as-code foundations. Define reproducible, auditable infrastructure for cloud and air-gapped deployment targets. Ensure all infrastructure changes are version-controlled and peer-reviewed.
Drive compliance readiness. Establish baseline security posture aligned with SOC 2, FedRAMP, and ISO 27001 requirements. Own gap analysis and remediation planning.
Define HSM integration patterns. Design and prototype key management architecture for VVIP deployments, including envelope encryption, per-tenant key isolation, and offline key management.
Establish security culture. Create onboarding documentation, security review standards, and guardrails that subsequent engineering hires build within.

How You Will Thrive

Ideal candidates have 10+ years of experience in secure cloud architectures, proven expertise with zero-trust frameworks and compliance certifications (FedRAMP, SOC 2, ISO 27001), and a history of building security-first infrastructure for sensitive user groups.

What Success Looks Like

Day 30: Security audit of existing codebase and infrastructure completed with prioritized findings. CI/CD pipeline hardened with automated security scanning. Threat model documented for VVIP deployment tier.
Day 60: Infrastructure-as-code foundations established for at least one deployment target. Zero-trust principles codified into enforceable policies. Compliance gap analysis completed against target certifications.
Day 90: Air-gapped deployment playbook drafted and validated in sandbox. HSM integration patterns defined and prototyped. Security onboarding documentation ready for subsequent engineering hires.

Details

Location: Remote-first (Miami preferred). Compensation commensurate with experience. Equity options available. EOE.

Apply for This Position