Senior DevSecOps Engineer
About Us
We’re a startup with big ambitions: to make estate planning modern, visual, and intelligent. Vanilla is the first AI-powered estate advisory platform, built by advisors, planners, and attorneys to transform how wealth is transferred across generations. Our technology unifies scenario modeling, client visualization, and document creation into one seamless, digital experience. Our team brings together diverse subject matter expertise across estate planning, wealth management, and scaling SaaS startups. We’re distributed across the U.S., with a mix of fully remote and hybrid roles, and we embrace flexibility while staying closely connected. At Vanilla, you’ll join curious builders and problem-solvers who thrive on speed, autonomy, and impact. Here, you won’t just join a company, you’ll help create it. If you’re excited to tackle hard problems, move quickly, and see your work shape both an industry and a growing startup, we’d love to meet you. Working Location This role is a remote position, you must be based out of one of the following states: Arizona, California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Kentucky, Maine, Massachusetts, Minnesota, New Jersey, New York, Ohio, Pennsylvania, Texas, Utah or Washington. Job Summary We’re looking for a Senior DevSecOps Engineer to own and operate our security tooling, manage key vendor relationships, and drive our application and cloud security programs forward. This is a hands-on, high-ownership role: you’ll be the day-to-day operator of our security stack, the point person for our vCISO engagement, and the engineer building the processes that keep Vanilla’s platform and infrastructure secure. You’ll also own the operational cadence of our security program: managing vendor-led pen tests, running tabletop exercises, maintaining our incident response playbook, and building a multi-quarter security roadmap. This role is ideal for a strong DevOps or infrastructure engineer who is security-minded, eager to own a security program, and comfortable operating in a fast-moving Series B environment. You’ll report to the Director of Engineering and collaborate closely with our vCISO (Latacora) and external partners.
Responsibilities
Cloud & Infrastructure Security Secure AWS infrastructure, systems, and networking Review infrastructure-as-code (Terraform) changes for security implications Support secrets management, IAM policy reviews, and encryption standards Triage and respond to cross-team IT requests that carry security implications Security Operations & Tooling Operate and tune security tooling including SentinelOne (EDR), Sublime (email security), Panther (SIEM), and Cloudflare Monitor and triage security alerts across dedicated channels Serve as the primary responder for cross-team security requests Vendor & Program Management Manage the vCISO relationship, including coordinating on cloud security posture, endpoint coverage, and SOC 24x7 operations Own the annual penetration test lifecycle: vendor selection, scoping, coordination, remediation tracking, and reporting Scope and coordinate AI red team engagements Run tabletop exercises and maintain the incident response playbook Build and maintain a multi-quarter security roadmap in partnership with engineering leadership Application Security Own and evolve pre-deploy security gates across CI/CD pipelines Run vulnerability management for libraries and application code: scanning, prioritization, and remediation workflows Conduct threat modeling for new features, integrations, and architecture changes Champion secure coding practices across engineering teams AI Security Scope and coordinate AI red team exercises against Vanilla’s AI-powered features Assess security of AI/ML pipelines, inference endpoints, and third-party AI vendor integrations Implement and maintain guardrails for AI outputs, including controls against prompt injection and data exfiltration Establish data governance practices for sensitive training data (PII/PHI in estate and financial documents) What This Role Is Not This role is focused on infrastructure and security engineering, not compliance or customer trust. SOC 2, security questionnaires, and audit documentation sit elsewhere in the org.
Required Qualifications
Must Have Hands-on AWS experience: infrastructure, networking, and cloud security posture Experience with infrastructure-as-code (Terraform or CloudFormation)Strong understanding of IAM, network security, encryption, and secrets management Hands-on vulnerability management experience: scanning, triage, remediation workflows Experience with threat modeling, secure code review, and CI/CD security gating. Strong scripting and automation skills (Python, Bash, or similar)
Nice to Have
Experience operating security tooling: EDR, SIEM, email security, WAF, or similar Familiarity with SentinelOne, Sublime, Panther, or Cloudflare specifically Prior incident response or tabletop exercise facilitation Exposure to AI/ML security: LLM risks, securing inference endpoints, or data privacy in ML contexts Experience in fintech, wealthtech, or other regulated industries Familiarity with supply chain security The salary range for this role is $180,000 to $210,000. Our compensation packages also include a performance-based bonus and equity. Compensation is based on a number of factors and may vary depending on job-related knowledge, skills, and experience. Benefits: Flexible paid time off policy and 10 company-wide paid holidays Parental leave, 6 weeks for all full-time employees and up to 14 weeks for birthing parents Medical, dental, and vision benefits coverage for employees and their families 401K eligibility after one month of employment Free estate planning documents Budget for learning & development and home office setup Paid parking or transit for hybrid and in office employees Vanilla Technologies Inc. (dba "Vanilla") provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Vanilla participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. Apply To This Job