[Hiring] DevSecOps Engineer @Distributed

May 09, 2025 - Distributed is hiring a remote DevSecOps Engineer. Location: UK.

DevSecOps Engineer – Industrial AI Platform Role Summary

You'll own security implementation across our AI deployment pipelines - from AWS EC2 development environments to air-gapped industrial sites. This hands-on role combines security engineering, infrastructure automation, and operational reliability for a platform deploying mission-critical ML models at the edge.

Key Responsibilities

1. Infrastructure Security Automation

• Develop and maintain OpenTofu modules for consistent VM provisioning across environments
• Harden EC2 and on-prem VM templates with Ansible security playbooks
• Implement least-privilege IAM policies and secure network configurations
• Design secure bootstrapping processes for production environments

• Secure our K3s clusters with proper pod security policies and network isolation
• Implement robust RBAC models with granular permissions
• Design secure inter-service communication patterns
• Build security monitoring for cluster components and workloads

• Integrate automated security scanning into build pipelines (container scanning, SCA, SAST)
• Implement secure artifact management with signing and verification
• Build proper secrets management for deployment pipelines
• Establish secure container base images and build processes

• Design secure update mechanisms for air-gapped environments
• Implement monitoring, alerting and incident response automation
• Build comprehensive logging and audit trails across environments
• Develop metrics for tracking security and reliability KPIs

• Create security dashboards for visibility into system security posture
• Build automated compliance validation for industrial requirements
• Develop practical security documentation and runbooks
• Run internal security reviews and share findings with engineering teams

Tech Stack

• Kubernetes (K3s for edge deployment, Kind for local dev, EKS for cloud)
• OpenTofu (planned) and Ansible for infrastructure automation
• AWS EC2 for development/test environments, on-prem for production
• GitHub Actions for CI/CD pipelines
• Docker for containerisation
• Python and Bash for security tooling and automation
• SvelteKit for frontend

Requirements

Essential Skills & Experience:

• Strong experience with infrastructure-as-code security (Terraform/OpenTofu, Ansible)
• Hands-on Kubernetes security implementation (networking, RBAC, policies)
• Experience securing containerised workloads and build pipelines
• Practical security monitoring and alerting implementation
• Experience with Linux security controls including AppArmor profile development and enforcement
• Comfort working with Python, shell scripts, and CLI tooling
• Ability to balance security requirements with practical engineering trade-offs
• Experience with log aggregation and operational monitoring

Desirable Skills:

• Experience with industrial or air-gapped deployments
• Knowledge of ML/AI deployment security considerations
• Familiarity with regulated environments (finance, healthcare, industrial)
• Experience with zero-trust networking concepts
• Experience with Linux hardening for edge deployments

About You

• You're hands-on - you code solutions rather than just pointing out problems
• You find pragmatic security solutions that work in the real world
• You can explain complex security concepts to people who don't live in that world
• You balance "secure by default" with "needs to actually work"
• You're comfortable diving into unfamiliar codebases to find and fix issues