Search all jobs
Browse jobsNew York, NY › Senior DevSecOps Engineer

Senior DevSecOps Engineer

Dforeferrals · New York, NY · Posted Jul 2, 2026

Apply on company site   Track it in JobSkout

Senior DevSecOps Engineer

Dalio Family Office

Dalio Family Office Overview:

The Dalio Family Office (DFO) supports Barbara and Ray Dalio and their family in their ventures, investments, and philanthropic efforts under Dalio Philanthropies, which includes OceanX, Dalio Education, Endless Network, and the Beijing Dalio Foundation. The core of the DFO’s culture is built around meaningful work and meaningful relationships and the family’s commitment to giving back. The office is headquartered in Westport, CT with regional offices in New York City, Singapore, and Abu Dhabi. This is a hybrid position reporting primarily out of our New York City office location.

Position Summary:

Reporting to the Cybersecurity Lead, the Senior DevSecOps Engineer will design, deploy, and secure scalable AWS + Azure environments with a strong focus on Infrastructure as Code (IaC). The purpose of this role is to build secure cloud-native infrastructure from the ground up, operationalize AWS/Azure services, and automate the reliability and security of mission-critical systems. You will embed security-by-design across the SDLC by implementing secure CI/CD pipelines with automated testing, policy controls, and supply-chain protections (SBOMs, signed artifacts, provenance), while centralizing security telemetry into Microsoft Defender for Cloud for unified posture management, threat detection, and compliance. The role also secures cloud infrastructure, data, and key management using AWS KMS and Azure Key Vault, hardens AKS/EKS with policy-as-code (OPA/Gatekeeper) and runtime protections, and extends these controls to AI/LLM development and inference platforms including AWS Bedrock, AI Foundry, and vLLM.

Day-to-day responsibilities would include a combination of the following:

Embed security-by-design across the SDLC with automated controls and measurable security outcomes.

Deliver a secure, compliant AWS/Azure cloud foundation with strong data protection and key management.

Harden container and Kubernetes platforms with consistent policy enforcement and runtime protection.

Build and maintain secure CI/CD pipelines with SAST/SCA, IaC + container scanning, secret detection, and policy gates, including threat modelling and secure design practices.

Enforce software supply-chain security (SBOMs, signed images, provenance verification) and route pipeline/code telemetry into Microsoft Defender for Cloud.

Secure AWS/Azure workloads across identity, network, compute, and storage; implement encryption, classification, retention, DLP, and safe logging.

Operate AWS KMS / Azure Key Vault (rotation, auditing, envelope encryption) and use Defender for Cloud for CSPM/CWPP, threat detection, and compliance.

Harden AKS/EKS using pod security, OPA/Gatekeeper, network policies, secrets management, and runtime protections; govern artifacts via JFrog Artifactory (trust, allow/deny, immutability) and integrate Kubernetes signals into Defender for Cloud.

Additional duties as assigned.

The ideal candidate will possess the following knowledge, skills, attributes, and values:

Security minded with the utmost regard for confidentiality and discretion.

Collaborative and helpful by nature.

Strong sense of ownership in one’s work.

Excellent communication and synthesis skills.

Demonstrated track record supporting mission-critical workloads end-to-end: secure deployments, hardening, centralized logging/telemetry, compliance, and continuous optimization.

Familiarity with cloud governance and security tooling including Microsoft Defender for Cloud, AWS SCPs/RCPs, Azure Policy, and OPA/Gatekeeper.

Illustrative Benefits:

100% company paid medical premiums

17 company paid holidays

Friday summer hours

Monthly community happy hours

Hybrid work environment

Free catered food services for in-office days

Generous PTO offering

Casual dress code

150% 401(k) match up to $7,500 and 100% match above $7,500 ($15k match limit)

Gym reimbursement, back up childcare services, insurance, financial, and legal services, and much more!

Qualifications:

Bachelor’s Degree or Diploma in Cybersecurity, Computer Science, Information Technology, or related discipline.

10+ years of experience in DevSecOps / Cloud Engineering delivering and securing production AWS and Azure environments, including cloud security architecture and operations.

At least 3 years hands-on experience operating enterprise-scale platforms (systems engineering/administration), including reliability engineering, monitoring/telemetry, and incident response.

Advanced IaC expertise with Terraform (plus CloudFormation/Bicep preferred), building standardized, governed cloud foundations (landing zones, guardrails, automation).

Proven experience building and securing CI/CD automation using GitLab and/or Azure DevOps, including automated security testing and supply-chain controls (SBOMs, artifact signing, provenance).

Strong Kubernetes security experience with AKS/EKS, including policy enforcement a…

Apply on company site