Senior DevSecOps Engineer

Senior DevSecOps Engineer Dalio Family OfficeDalio Family Office Overview: The Dalio Family Office (DFO) supports Barbara and Ray Dalio and their family in their ventures, investments, and philanthropic efforts under Dalio Philanthropies, which includes OceanX, Dalio Education, Endless Network, and the Beijing Dalio Foundation. The core of the DFO's culture is built around meaningful work and meaningful relationships and the family's commitment to giving back. The office is headquartered in Westport, CT with regional offices in New York City, Singapore, and Abu Dhabi. This is a hybrid position reporting primarily out of our New York City office location. Position Summary: Reporting to the Cybersecurity Lead, the Senior DevSecOps Engineer will design, deploy, and secure scalable AWS + Azure environments with a strong focus on Infrastructure as Code (IaC). The purpose of this role is to build secure cloud-native infrastructure from the ground up, operationalize AWS/Azure services, and automate the reliability and security of mission-critical systems. You will embed security-by-design across the SDLC by implementing secure CI/CD pipelines with automated testing, policy controls, and supply-chain protections (SBOMs, signed artifacts, provenance), while centralizing security telemetry into Microsoft Defender for Cloud for unified posture management, threat detection, and compliance. The role also secures cloud infrastructure, data, and key management using AWS KMS and Azure Key Vault, hardens AKS/EKS with policy-as-code (OPA/Gatekeeper) and runtime protections, and extends these controls to AI/LLM development and inference platforms including AWS Bedrock, AI Foundry, and vLLM. Day-to-day responsibilities would include a combination of the following: Embed security-by-design across the SDLC with automated controls and measurable security outcomes. Deliver a secure, compliant AWS/Azure cloud foundation with strong data protection and key management. Harden container and Kubernetes platforms with consistent policy enforcement and runtime protection. Build and maintain secure CI/CD pipelines with SAST/SCA, IaC + container scanning, secret detection, and policy gates, including threat modelling and secure design practices. Enforce software supply-chain security (SBOMs, signed images, provenance verification) and route pipeline/code telemetry into Microsoft Defender for Cloud. Secure AWS/Azure workloads across identity, network, compute, and storage; implement encryption, classification, retention, DLP, and safe logging. Operate AWS KMS / Azure Key Vault (rotation, auditing, envelope encryption) and use Defender for Cloud for CSPM/CWPP, threat detection, and compliance. Harden AKS/EKS using pod security, OPA/Gatekeeper, network policies, secrets management, and runtime protections; govern artifacts via JFrog Artifactory (trust, allow/deny, immutability) and integrate Kubernetes signals into Defender for Cloud. Additional duties as assigned. The ideal candidate will possess the following knowledge, skills, attributes, and values: Security minded with the utmost regard for confidentiality and discretion. Collaborative and helpful by nature. Strong sense of ownership in one's work. Excellent communication and synthesis skills. Demonstrated track record supporting mission-critical workloads end-to-end: secure deployments, hardening, centralized logging/telemetry, compliance, and continuous optimization. Familiarity with cloud governance and security tooling including Microsoft Defender for Cloud, AWS SCPs/RCPs, Azure Policy, and OPA/Gatekeeper. Illustrative Benefits: 100% company paid medical premiums 17 company paid holidays Friday summer hours Monthly community happy hours Hybrid work environment Free catered food services for in-office days Generous PTO offering Casual dress code 150% 401(k) match up to $7,500 and 100% match above $7,500 ($15k match limit) Gym reimbursement, back up childcare services, insurance, financial, and legal services, and much more! Qualifications: Bachelor's Degree or Diploma in Cybersecurity, Computer Science, Information Technology, or related discipline. 10+ years of experience in DevSecOps / Cloud Engineering delivering and securing production AWS and Azure environments, including cloud security architecture and operations. At least 3 years hands-on experience operating enterprise-scale platforms (systems engineering/administration), including reliability engineering, monitoring/telemetry, and incident response. Advanced IaC expertise with Terraform (plus CloudFormation/Bicep preferred), building standardized, governed cloud foundations (landing zones, guardrails, automation). Proven experience building and securing CI/CD automation using GitLab and/or Azure DevOps, including automated security testing and supply-chain controls (SBOMs, artifact signing, provenance). Strong Kubernetes security experience with AKS/EKS, including policy enforcement and runtime protections. Expertise in cryptographic key management and data protection, including AWS KMS / Azure Key Vault, encryption, and data security controls. Experience securing AI/LLM systems and inference platforms (AI Foundry, AWS Bedrock, vLLM), including knowledge of OWASP LLM Top 10 and LLM guardrails. Strong proficiency across Linux and Microsoft ecosystems (identity, hardening, patching, operational best practices) and scripting with Python/Bash/PowerShell (application languages such as Java/.NET/JavaScript (React.js) are a plus). Compensation: Compensation for the role includes a competitive salary in the range from $170,000 -$230,000 (inclusive of a merit-based bonus, dependent on years of experience, level of education obtained, as well as applicable skillset) and an excellent benefits package, including a comprehensive employer paid medical plan and generous employer match for 401k. Please note we are unable to provide immigration sponsorship for this position. At the DFO, we believe our biggest asset is our people. We are proud to be an equal opportunity employer, hiring and developing individuals from diverse backgrounds and experiences to add to our collaborative culture. The DFO treats all candidates and employees with respect and does not discriminate in our recruiting, hiring, and promoting processes and general treatment during employment, including on the basis of actual or perceived race, creed, color, religion, sex, age, sexual orientation, gender identity and/or expression, alienage or national origin, ancestry, citizenship status, marital status, veteran status, or disability.

Created: 2026-03-04