Already filled


[Remote] Senior DevOps Engineer, Security & Compliance

Job summary

United States
Engineering

Work model

Fully remote
Only US
3 weeks ago
Job description

Overview

Note: This is a remote job open to candidates in the USA. Zafran Security is a leading company focused on cybersecurity, aiming to mitigate vulnerabilities in hybrid environments. The company is seeking a Senior DevOps Engineer with a strong emphasis on security and compliance to lead its compliance efforts, covering infrastructure hardening, compliance certifications, and collaboration with the Security team.

Responsibilities

  • Lead the technical work to achieve and maintain compliance certifications (SOC 2, ISO 27001, and the upcoming FedRAMP process)
  • Design and implement security controls across AWS infrastructure, CI/CD pipelines, Kubernetes, and application deployments
  • Build the automation, logging, and evidence collection required for continuous compliance
  • Implement and maintain secrets management, IAM hardening, network segmentation, and encryption standards
  • Develop infrastructure solutions for customers in highly regulated industries, including isolated or dedicated environments
  • Collaborate with security, legal, and engineering on threat modeling, vulnerability management, and incident response
  • Stay ahead of FedRAMP, FISMA, and related federal requirements and translate them into concrete engineering work

Skills

  • Must be located in the US, with a strong preference for the New York area; US remote considered
  • U.S. citizenship or lawful permanent resident status (Green Card) required due to FedRAMP-related eligibility requirements and access to a U.S.-only environment
  • 5+ years of DevOps / platform engineering experience with a strong security focus
  • Direct experience implementing controls for SOC 2, ISO 27001, HIPAA, PCI, or FedRAMP
  • Deep AWS security knowledge: IAM, KMS, GuardDuty, Security Hub, VPC design, Config
  • Strong Kubernetes security experience: network policies, admission control, runtime security
  • Infrastructure as Code with Terraform, with a focus on policy-as-code
  • CI/CD security: SAST, DAST, SCA, image scanning, supply chain hardening
  • Solid scripting in Python or Bash
  • Prior experience leading or mentoring a small team
  • Direct hands-on experience with a FedRAMP Moderate or High authorization
  • Experience with GovCloud (AWS US-East/West GovCloud regions)
  • Relevant certifications (AWS Security Specialty, CISSP, CCSP)

Benefits

  • Flexible PTO
  • Health insurance plans (medical, dental, vision)
  • A monthly stipend for phone and internet
  • 401k
  • Flexible spending account
  • A home office stipend when joining
  • Access to frontier AI models, including Claude, so every employee can work smarter, move faster, and build an AI-first career from day one

Company Overview

Zafran Security is a cybersecurity platform that identifies exploitable vulnerabilities and automatically mitigates them. It was founded in 2022, and is headquartered in New York, New York, USA, with a workforce of 51-200 employees. Its website is https://www.zafran.io.